Re: Audit perms check on recv (Re: Two netlink patches)
On Fri, 2004-12-24 at 11:28, Serge E. Hallyn wrote:
> The basic approach seems reasonable to me. The untested patch
below
> should change SELinux to fit with this approach; it calls the secondary
Thanks. The attached patch includes this patch, but I won't be able to
test the SELinux part until I get back to the office after next week. In
the meantime I'll also look into taking the audit checks out of
selinux_netlink_send() as you mentioned in the other email.
I'd hold off on removing the SELinux audit checks for now, even if they
are redundant. I think we'll need to phase them out gradually while
adjusting policy at the same time.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency