From: Russell Coker <russell@coker.com.au>
To: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Cc: Stephen Smalley <sds@epoch.ncsc.mil>,
SE-Linux <selinux@tycho.nsa.gov>,
Daniel J Walsh <dwalsh@redhat.com>,
Linux Hotplug Dev List
<linux-hotplug-devel@lists.sourceforge.net>
Subject: Re: matchfilecon (the program) vs matchfilecon (the libselinux1 fn)
Date: Fri, 06 Aug 2004 12:05:08 +0000 [thread overview]
Message-ID: <200408062205.08533.russell@coker.com.au> (raw)
In-Reply-To: <20040802211212.GB6260@lkcl.net>
On Tue, 3 Aug 2004 07:12, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> p.s. first cut at mods attached for general review NO I HAVEN'T
> COMPILED IT.
One thing to note is that is_selinux_enabled() reads /proc/filesystems and
then reads /proc/self/attr/current. This is more work than you want to do
for every device node. So you want to cache the result of
is_selinux_enabled() to some degree. You certainly don't want to call it
twice in the same code path.
udev is tricky in this regard because there is the possibility that udev may
be started before SE Linux is enabled.
Maybe the best thing to do would be to check for SE Linux being enabled once
for each group of new devices that you add, and only once for the system
startup.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
next prev parent reply other threads:[~2004-08-06 12:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20040801172751.GD20103@lkcl.net>
[not found] ` <1091455223.23449.66.camel@moss-spartans.epoch.ncsc.mil>
[not found] ` <20040802145724.GG4194@lkcl.net>
[not found] ` <1091458325.23449.102.camel@moss-spartans.epoch.ncsc.mil>
[not found] ` <20040802191243.GJ4194@lkcl.net>
[not found] ` <1091474356.23449.272.camel@moss-spartans.epoch.ncsc.mil>
2004-08-02 21:12 ` matchfilecon (the program) vs matchfilecon (the libselinux1 fn) Luke Kenneth Casson Leighton
2004-08-03 11:11 ` Stephen Smalley
2004-08-03 13:37 ` Luke Kenneth Casson Leighton
2004-08-06 12:05 ` Russell Coker [this message]
2004-08-07 12:23 ` Luke Kenneth Casson Leighton
2004-08-02 21:25 ` Luke Kenneth Casson Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200408062205.08533.russell@coker.com.au \
--to=russell@coker.com.au \
--cc=dwalsh@redhat.com \
--cc=linux-hotplug-devel@lists.sourceforge.net \
--cc=lkcl@lkcl.net \
--cc=sds@epoch.ncsc.mil \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).