Hi Serge,

This patch set implements what you suggested WRT setting /proc/self/attr/current in order to set a profile/context now instead of only at exec(2) time. I don't know how I missed the regular setcon(3) vs setexeccon(3) call, so doing "now" is obviously possible in SELinux as well; thanks for helping me find it!
I implemented it as an option flag to attach since only the caller knows which behavior they want (i.e. they may be using attach to a function, but know that they are going to exec in their function and don't want the label set until then).

In order to make sure this is all working, I implemented an attach.c test which tests both the exec(2) and function cases (and a plain old attach for good measure :)

Tested on Ubuntu, Oracle, Fedora.