On Wed, 2004-12-15 at 12:20, Serge Hallyn wrote:
> Is there any objection to my sending the two netlink patches I recently
> sent out to lkml?  Just to refresh memory, the one
> (audit-fix-permchecks.diff) adds some message length checks and moves
> audit control message authorization to netlink message send, while the
> other (audit-loginuid.patch) changes the SET_LOGINUID behavior to set
> loginuid for the sending process (as expected) rather than whichever
> process happens to end up handling the message.

I'm still a bit concerned by the netlink autobind case.  Two points:
1) Why reset pid to 0 and then proceed to find_task_by_pid rather than
failing immediately?
2) Won't this break the common usage of netlink by applications?  I
think that we had to change libselinux to fall back on autobinding of
the netlink selinux socket because we were otherwise encountering
EADDRINUSE errors upon restarting a program due to deferred release of
the slot.
-- 
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency