[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] collect security labels on user processes generating audit messages



On Thu, 2006-02-09 at 10:13 -0600, Timothy R. Chavez wrote:
> On Thu, 2006-02-09 at 09:58 -0500, James Morris wrote:
> > Please look at the way I intend to export SELinux APIs in:
> > http://people.redhat.com/jmorris/selinux/skfilter/kernel/12-skfilter-selinux-exports.patch
> 
> This looks good.  Do you have a schedule for releasing this?  I could
> probably wait until it becomes available in -mm before changing out the
> API plumbing.

Note btw that the advantage of the security_sid_to_context() interface
(wrapped by James' selinux_id_to_ctx interface) is that it internally
allocates a buffer of the right length for you.  You don't have to query
for a length and allocate one yourself, unlike the selinux_getsecurity
interface.  You do still need to free it when done.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]