* Scope of SECMARK_MODE_SEL
@ 2007-08-03 19:53 Casey Schaufler
From: Casey Schaufler @ 2007-08-03 19:53 UTC (permalink / raw)
  To: SELinux List


It is my assumption that SECMARK_MODE_SEL is defined and coded solely
for use by SELinux and that it is not intended as a general purpose
secmark for any random LSM to use. I assume that if another LSM wants
to use SECMARK that it needs to supply its own SECMARK_MODE value and
checkentry function.

Are my assumptions accurate?

Thank you.

Casey Schaufler
casey@schaufler-ca.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: Scope of SECMARK_MODE_SEL
@ 2007-08-03 21:38 ` James Morris
From: James Morris @ 2007-08-03 21:38 UTC (permalink / raw)
  To: Casey Schaufler; +Cc: SELinux List

On Fri, 3 Aug 2007, Casey Schaufler wrote:

> 
> It is my assumption that SECMARK_MODE_SEL is defined and coded solely
> for use by SELinux and that it is not intended as a general purpose
> secmark for any random LSM to use. I assume that if another LSM wants
> to use SECMARK that it needs to supply its own SECMARK_MODE value and
> checkentry function.
> 
> Are my assumptions accurate?

Yes, and you likely also need to add your own entry to the union in 
struct xt_secmark_target_info, which I'd guess would simply be a smack_t.



- James 
-- 
James Morris <jmorris@namei.org>



* Re: Scope of SECMARK_MODE_SEL
@ 2007-08-04 18:20   ` Casey Schaufler
From: Casey Schaufler @ 2007-08-04 18:20 UTC (permalink / raw)
  To: James Morris, Casey Schaufler; +Cc: SELinux List


--- James Morris <jmorris@namei.org> wrote:

> On Fri, 3 Aug 2007, Casey Schaufler wrote:
> 
> > 
> > It is my assumption that SECMARK_MODE_SEL is defined and coded solely
> > for use by SELinux and that it is not intended as a general purpose
> > secmark for any random LSM to use. I assume that if another LSM wants
> > to use SECMARK that it needs to supply its own SECMARK_MODE value and
> > checkentry function.
> > 
> > Are my assumptions accurate?
> 
> Yes, and you likely also need to add your own entry to the union in 
> struct xt_secmark_target_info, which I'd guess would simply be a smack_t.

Thank you. My question was really aimed at finding out if the
code should be changed as part of the effort to pull SELinux
dependencies out of the audit code. Smack and xfrm is a distinct
set of work.



Casey Schaufler
casey@schaufler-ca.com
