* Andrew Morton ([EMAIL PROTECTED]) wrote: > Chris Wright <[EMAIL PROTECTED]> wrote: > > Catherine, the security_sid_to_context() is a raw SELinux function which > > crept into core code and should not have been there. The fallout fixes > > included conditionally exporting security_sid_to_context, and finally > > scm_send/recv unlining. > > Yes. So we're OK up the uninlining, right?
Yes, although sid_to_context is meant to be analog to the other get_peersec calls, and should really be made a proper part of the interface (can be done later, correctness is the issue at hand). > > The end result in -mm looks broken to me. > > Specifically, it now does: > > > > ucred->uid = tsk->uid; > > ucred->gid = tsk->gid; > > ucred->pid = tsk->tgid; > > scm->fp = NULL; > > scm->seq = 0; > > if (msg->msg_controllen <= 0) > > return 0; > > > > scm->sid = security_sk_sid(sock->sk, NULL, 0); > > > > The point of Catherine's original patch was to make sure there's always > > a security identifier associated with AF_UNIX messages. So receiver > > can always check it (same as having credentials even w/out sender > > control message passing them). Now we will have garbage for sid. > > This answers the question I've been asking all and sundry for a week, thanks > ;) > So: > > - scm-fold-__scm_send-into-scm_send.patch is OK Yes. > - scm_send-speedup.patch is wrong Yes. > - Catherine's patch introduces a possibly-significant performance > problem: we're now calling the expensive-on-SELinux security_sk_sid() > more frequently than we used to. I don't expect security_sk_sid() to be terribly expensive. It's not an AVC check, it's just propagating a label. But I've not done any benchmarking on that. thanks, -chris - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
