[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 1/3] Add a function to the security driver API that sets the label of an open fd.



On 01/25/2011 04:03 PM, Laine Stump wrote:
On 01/25/2011 12:48 PM, Daniel P. Berrange wrote:
On Tue, Jan 25, 2011 at 04:24:18AM -0500, Laine Stump wrote:
A need was found to set the SELinux context label on an open fd (a
pipe, as a matter of fact). This patch adds a function to the security
driver API that will set the label on an open fd to secdef.label. For
all drivers other than the SELinux driver, it's a NOP. For the SElinux
driver, it calls fsetfilecon().

If the return is a failure, it only returns error up to the caller if
1) the desired label is different from the existing label, 2) the
destination fd is of a type that supports setting the selinux context,
and 3) selinux is in enforcing mode. Otherwise it will return
success. This follows the pattern of the existing function
SELinuxSetFilecon().
ACK


Thanks. I'll hold off on pushing this just in case the discussion on PATCH 2/3 leads to a change requirement in this one.

Now pushed.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]