Re: Another slab size-32 leak 2.6.16-rc4-mm2
On Tue, Feb 28, 2006 at 05:37:40PM -0600, Dustin Kirkland wrote:
Klaus- are you calling the audit_ipc_perms() calls in ipc/*c too
intrusive? Does this recommendation gel with the current popular
opinion? Does this mean that the current audit_ipc_perms() calls in
ipc/*c should be moved into the SELinux code, or rather that additional
code is required in the SELinux code?
As I understand it, the code as it stands in Viro's git tree performs
all of (a), (b), (c), and (d) sufficiently for collecting the context
of IPC objects, as well as the subject contexts of the initiating
syscalls for LSPP certification.
I'm not asking for any specific change, and if the current code's
maintainer is happy with the hooks as implemented now that's fine. I was
just saying that putting strictly label related functionality into the
SELinux part of the code sounds like a reasonable way to implement it,
but that would be more along the line of a janitorial change if people
prefer that approach. We're not going for EAL8 with requirements for
maximally elegant and beautiful code ;)
At this point, I'm trying to understand if there are additional
to-do's
beyond the memory leak patch submitted by Steve Grubb and ack'ed by me
earlier in this thread. If there are, please specify, and if not,
please apply the memory leak patch and let's move on. I'd like to hear
Al's opinion on the matter, as the audit tree is his now and it's up to
him whether or not to push on to Andrew.
I'm not aware of anything additional needed. I haven't tested the code,
and am not very familiar with it, so I can't definitely promise that it
currently meets all the requirements, but that's what the testing process
is for.
-Klaus