[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Two netlink patches



On Wed, 2004-12-15 at 12:20, Serge Hallyn wrote:
> Is there any objection to my sending the two netlink patches I recently
> sent out to lkml?  Just to refresh memory, the one (audit-fix-
> permchecks.diff) adds some message length checks and moves audit control
> message authorization to netlink message send, while the other (audit-
> loginuid.patch) changes the SET_LOGINUID behavior to set loginuid for
> the sending process (as expected) rather than whichever process happens
> to end up handling the message.

I'm still a bit concerned by the netlink autobind case.  Two points:
1) Why reset pid to 0 and then proceed to find_task_by_pid rather than
failing immediately?
2) Won't this break the common usage of netlink by applications?  I
think that we had to change libselinux to fall back on autobinding of
the netlink selinux socket because we were otherwise encountering
EADDRINUSE errors upon restarting a program due to deferred release of
the slot.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]