[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Syscalls questions

From: Stephen Smalley <sds tycho nsa gov>
To: Kris Wilson <krisw us ibm com>
Cc: lspp-list <redhat-lspp redhat com>, Daniel J Walsh <dwalsh redhat com>, James Morris <jmorris namei org>
Subject: Re: [redhat-lspp] Syscalls questions
Date: Fri, 30 Jun 2006 11:11:17 -0400

On Tue, 2006-06-27 at 14:35 -0400, Stephen Smalley wrote:
> > ioprio_get
> > ioprio_set
> 
> A security hook was recently added for ioprio_set.  No checking (DAC or
> MAC) is currently applied on ioprio_get.  But it can be used to get the
> ioprio of another task, so it seems suspect.

ioprio_get is now also hooked by SELinux (applies existing getsched
process permission check between the two task security contexts).

-- 
Stephen Smalley
National Security Agency

References:
- [redhat-lspp] Syscalls questions
  - From: Kris Wilson
- Re: [redhat-lspp] Syscalls questions
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]