ainit
Stephen Smalley
sds at tycho.nsa.gov
Mon Jul 25 14:18:53 UTC 2005
On Thu, 2005-07-21 at 21:42 +1000, Russell Coker wrote:
> The attached patch is needed for correct functionality of ainit with the
> latest strict policy when running reasonably recent rawhide packages.
>
> Is this really what we want? Having a system process allocate shared memory
> that can be used by any user processes? Also it seems likely that other
> sound programs will need to access the shared memory in question.
Not a good idea. Look at nscd handling for its shmem interface; we use
an attribute to allow certain domains such access, but most domains are
limited to the socket IPC-based interface. This program should likewise
have some kind of fallback to an IPC-based interface if the shmem
interface isn't allowed.
--
Stephen Smalley
National Security Agency
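
The fallback suggested in the reply above, sketched as an added example (not code from ainit, nscd or the policy): a client tries the shared-memory fast path and, when the attach is refused, fetches the same record over the daemon's socket. The names `get_state`, `STATE_LEN` and the one-byte `'G'` request are hypothetical.

```c
#include <errno.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/socket.h>
#include <unistd.h>

#define STATE_LEN 32   /* constructed size of the daemon's state record */

enum transport { VIA_SHMEM, VIA_SOCKET, VIA_NONE };

/* Fast path: attach the daemon's segment read-only and copy the record.
 * When policy does not grant the caller's domain access, shmat() fails
 * (EACCES) and the negative errno is handed back to the caller. */
static int read_shmem(int shmid, char *out)
{
    void *p = shmat(shmid, NULL, SHM_RDONLY);
    if (p == (void *)-1)
        return -errno;
    memcpy(out, p, STATE_LEN);
    shmdt(p);
    return 0;
}

/* Slow path: request the same record over the daemon's socket. */
static int read_socket(int sock, char *out)
{
    static const char req = 'G';   /* hypothetical "get state" request */
    if (send(sock, &req, 1, 0) != 1)
        return -errno;
    ssize_t n = recv(sock, out, STATE_LEN, MSG_WAITALL);
    return n == STATE_LEN ? 0 : -EIO;
}

/* Try shmem first; on any failure fall back to the socket instead of
 * aborting. *shm_err keeps the shmem error so it can be logged. */
enum transport get_state(int shmid, int sock, char *out, int *shm_err)
{
    *shm_err = read_shmem(shmid, out);
    if (*shm_err == 0)
        return VIA_SHMEM;
    return read_socket(sock, out) == 0 ? VIA_SOCKET : VIA_NONE;
}
```

With this shape, policy can limit the shmem permission to the domains that carry the attribute while every other client keeps working through the socket.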