[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [kay.sievers@vrfy.org]

From: Stephen Smalley <sds tycho nsa gov>
To: Kay Sievers <kay sievers vrfy org>
Cc: Daniel J Walsh <dwalsh redhat com>, Bill Nottingham <notting redhat com>, fedora-selinux-list redhat com
Subject: Re: [kay.sievers@vrfy.org]
Date: Tue, 07 Feb 2006 08:29:25 -0500

On Tue, 2006-02-07 at 02:18 +0100, Kay Sievers wrote:
> The udev event processes, the ones that actually create the device node
> are just clones of the main daemon, they run the same code, the same
> memory as the main daemon, they don't exec() anything. So everything that
> is available in the main daemon before the event process is forked, will
> also be available in the event process itself while it is creating the
> node.
> 
> That's the reason I was asking, cause it sounds like the current selinux
> integration could be optimized. Seems there is no need for any pipe or other
> ipc, if selinux is fine with the inherited state from the daemon.

Yes, in that case, performing the matchpathcon_init_prefix call once in
the main daemon would likely be fine.  

-- 
Stephen Smalley
National Security Agency

References:
- [kay.sievers@vrfy.org]
  - From: Bill Nottingham
- Re: [kay.sievers@vrfy.org]
  - From: Stephen Smalley
- Re: [kay.sievers@vrfy.org]
  - From: Daniel J Walsh
- Re: [kay.sievers@vrfy.org]
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]