[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] collect security labels on user processes generating audit messages



On Wed, 2006-02-15 at 10:41 -0600, Timothy R. Chavez wrote:
> On Wed, 2006-02-15 at 11:17 -0500, Stephen Smalley wrote:
> > On Wed, 2006-02-15 at 09:49 -0600, Timothy R. Chavez wrote:
> > > This makes sense to me.  I'll go ahead and make the change.  I wouldn't
> > > even technically need the function or function call in my patch since
> > > selinux_available() simply returns ss_initialized.
> > 
> > Well, I think we want to keep that variable private to the SELinux
> > "module".  In the future, we'll likely add proper namespace prefixes to
> > all non-static SELinux symbols to avoid polluting the kernel namespace.
> >  
> 
> I think maybe I miscommunicated my intentions.  If I move the check to
> determine whether or not SELinux is enabled into selinux_id_to_ctx(),
> then I can simply use ss_initialized directly rather then calling
> selinux_available(), as I'll be making the check within the SELinux
> "module" (selinux/exports.c).

Ah, ok - no problem then.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]