From: Simon McVittie <smcv@collabora.com>
To: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: mtk.manpages@gmail.com, linux-man@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Subject: Re: [PATCH] socket.7,unix.7: add initial description for SO_PEERSEC
Date: Fri, 11 Sep 2020 10:23:20 +0100 [thread overview]
Message-ID: <20200911092320.GA1302235@horizon> (raw)
In-Reply-To: <20200910210059.34759-1-stephen.smalley.work@gmail.com>
On Thu, 10 Sep 2020 at 17:00:59 -0400, Stephen Smalley wrote:
> +For SELinux, the security context string is a null-terminated
> +string and the returned length includes the terminating null.
> +Other security modules may differ.
We discussed this interface a while ago when I was setting up dbus to
use SO_PEERSEC. It would be really useful if the man page documented
what callers can and can't expect from an unknown LSM, so that the
author of the next D-Bus-equivalent doesn't have to turn up on the
linux-security-module list and annoy maintainers like I did.
Perhaps something like this?
The security context string may include a terminating null character
in the returned length, but is not guaranteed to do so:
a security context "foo" might be represented as either {'f','o','o'}
of length 3 or {'f','o','o','\0'} of length 4, which are considered
to be interchangeable. It is printable, does not contain non-terminating
null characters, and is in an unspecified encoding (in particular it is
not guaranteed to be ASCII or UTF-8).
Thanks,
smcv
next prev parent reply other threads:[~2020-09-11 9:23 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-10 21:00 [PATCH] socket.7,unix.7: add initial description for SO_PEERSEC Stephen Smalley
2020-09-11 9:23 ` Simon McVittie [this message]
2020-09-11 12:20 ` Stephen Smalley
2020-09-11 19:33 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200911092320.GA1302235@horizon \
--to=smcv@collabora.com \
--cc=linux-man@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).