Re: [PATCH] scm: fold __scm_send() into scm_send()

From: Stephen Smalley
Date: Tue Mar 21 2006 - 08:25:25 EST


On Mon, 2006-03-20 at 15:15 -0800, Chris Wright wrote:
> * Andrew Morton (akpm@xxxxxxxx) wrote:
> > Chris Wright <chrisw@xxxxxxxxxxxx> wrote:
> > > Catherine, the security_sid_to_context() is a raw SELinux function which
> > > crept into core code and should not have been there. The fallout fixes
> > > included conditionally exporting security_sid_to_context, and finally
> > > scm_send/recv unlining.
> >
> > Yes. So we're OK up the uninlining, right?
>
> Yes, although sid_to_context is meant to be analog to the other
> get_peersec calls, and should really be made a proper part of the
> interface (can be done later, correctness is the issue at hand).

Yes, Catherine was told that she shouldn't be directly exporting
security_sid_to_context, and was allegedly working on a fix. Note
however that the expected solution is not a LSM interface but a set of
properly encapsulated interfaces exported directly from SELinux, based
on the iptables context matching patches by James. The same style of
interface is being put forth for the audit LSPP work. The indirection
of LSM serves no purpose here, as these users are specifically looking
for functionality provided only by SELinux.

> I don't expect security_sk_sid() to be terribly expensive. It's not
> an AVC check, it's just propagating a label. But I've not done any
> benchmarking on that.

No permission check there, but it looks like it does read lock
sk_callback_lock. Not sure if that is truly justified here.

--
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/