[redhat-lspp] Syscalls questions
Stephen Smalley
sds at tycho.nsa.gov
Fri Jun 30 15:11:17 UTC 2006
On Tue, 2006-06-27 at 14:35 -0400, Stephen Smalley wrote:
> > ioprio_get
> > ioprio_set
>
> A security hook was recently added for ioprio_set. No checking (DAC or
> MAC) is currently applied on ioprio_get. But it can be used to get the
> ioprio of another task, so it seems suspect.
ioprio_get is now also hooked by SELinux (applies existing getsched
process permission check between the two task security contexts).
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list