From mboxrd@z Thu Jan 1 00:00:00 1970
From: Luke Kenneth Casson Leighton
Date: Wed, 18 Aug 2004 16:04:59 +0000
Subject: Re: idea - running setfiles out of inetd!
Message-Id: <20040818160459.GH19646@lkcl.net>
List-Id:
References: <20040817194712.GV18321@lkcl.net> <200408181956.46017.russell@coker.com.au>
In-Reply-To: <200408181956.46017.russell@coker.com.au>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Russell Coker
Cc: SE-Linux , Linux Hotplug Dev List

On Wed, Aug 18, 2004 at 07:56:46PM +1000, Russell Coker wrote:
> On Wed, 18 Aug 2004 05:47, Luke Kenneth Casson Leighton wrote:
> > i'd like to canvass people's opinions of running
> > "setfiles -q -s /etc/selinux/contexts/file_contexts" from inetd
>
> Bad idea, anyone can call it.

i've done root-only-accessible unix domain socket stuff before now,
it's necessary to create a directory which is 0500 and then inside
that the socket is 0600 [some unixen don't support permissions on
sockets]

> > the alternative is, in the case of udev, to merge the functionality
> > of udevd and udevsend, such that the file context cacheing can
> > be taken advantage of.
>
> What if udev spawns "setfiles -q -s" and then sends the file names down the
> pipe to it only closing the pipe after a certain time period of no new nodes?

okay, cool... so.... hey yes, of course.

yes, so that could be run from the main udev process, i get it.

and you exec each udevstart to create the file name, and then
send the same filename down to the "setfiles -q -s".

is using popen() okay to do that?

what implications [on policy writing and also security] will it have
to be running setfiles from inside udev (bearing in mind that
popen involves a pipe and a fork)

... darn! how many programs has udev been split into???
:)