[redhat-lspp] Re: [PATCH] cron changes needed for MLS range checking (requires at least the libselinux patches)

James Antill jantill at redhat.com
Wed Nov 8 21:57:01 UTC 2006


On Wed, 2006-11-08 at 15:53 -0500, Stephen Smalley wrote:

> The scontext is supposed to be a process context in which to run the
> cron job, not a file context.  You are presently replacing the default
> scontext (extracted from u->scontext that was previously computed) with
> a strange mixture of the crontab file context and the user-specified
> range.  What you want to do is to take the default scontext value,
> create a new context that is identical except for its range (from the
> environment), and apply a check between those two contexts (and the
> check is only needed when using a user-supplied range).

 Ok, I've used u->scontext instead of the file context now. I've also
renamed the variables. And the check should only happen if they specify
a different level.

>   BTW, you cannot
> continue to refer to the string returned by context_str() after
> performing a context_free() on the structure; you'd have to dup it
> first.

 Right, stupid mistake. Fixed that too.

-- 
James Antill <jantill at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vixie-cron-4.1-_60-SELinux-contains-range.patch
Type: text/x-patch
Size: 7514 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061108/7e695917/attachment.bin>
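
The approach discussed above (a job context identical to the default process context except for its range, with the extra check needed only for a user-supplied range) is sketched below as an added example; it is not code from the attached patch or from vixie-cron. To run without libselinux it works on plain context strings, and the function names and sample contexts are constructed for illustration. With libselinux the same steps would go through context_new(), context_range_set() and context_str(), duplicating the string before context_free().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Range field of "user:role:type:range": everything after the third colon.
 * The range may itself contain colons (s0:c0.c3), so stop counting at three. */
static const char *range_of(const char *ctx)
{
    int colons = 0;
    while (ctx && *ctx && colons < 3)
        if (*ctx++ == ':')
            colons++;
    return (colons == 3 && *ctx) ? ctx : NULL;
}

/* Copy of default_ctx that differs only in its range. The caller owns the
 * returned string, so it outlives whatever state was used to build it. */
char *context_with_range(const char *default_ctx, const char *new_range)
{
    const char *old = range_of(default_ctx);
    if (!old || !new_range || !*new_range)
        return NULL;
    size_t prefix = (size_t)(old - default_ctx);  /* keeps the third colon */
    char *out = malloc(prefix + strlen(new_range) + 1);
    if (!out)
        return NULL;
    memcpy(out, default_ctx, prefix);
    strcpy(out + prefix, new_range);
    return out;
}

/* 1 if a user-supplied range differs textually from the default, 0 if none
 * was supplied or it matches, -1 if malformed. No policy check is done here. */
int range_check_needed(const char *default_ctx, const char *requested)
{
    if (!requested)
        return 0;
    const char *old = range_of(default_ctx);
    return old ? strcmp(old, requested) != 0 : -1;
}

int main(void)
{
    const char *def = "staff_u:staff_r:staff_t:s0-s2:c0.c5"; /* constructed */
    char *job = context_with_range(def, "s1");
    printf("%s check=%d\n", job ? job : "(invalid)", range_check_needed(def, "s1"));
    free(job);
    return 0;
}
```
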