'Re: [RFC]integrity: SELinux patch'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: [RFC]integrity: SELinux patch
From:       Mimi Zohar <zohar () linux ! vnet ! ibm ! com>
Date:       2007-09-19 19:41:23
Message-ID: 1190230883.7323.3.camel () localhost ! localdomain
[Download RAW message or body]

On Wed, 2007-08-29 at 06:14 -0400, Mimi Zohar wrote:
> On Wed, 2007-08-29 at 00:16 -0400, Joshua Brindle wrote:
> > Mimi Zohar wrote:
> > 
> > > Index: linux-2.6.23-rc3-mm1/security/selinux/ss/services.c
> > > ===================================================================
> > > --- linux-2.6.23-rc3-mm1.orig/security/selinux/ss/services.c
> > > +++ linux-2.6.23-rc3-mm1/security/selinux/ss/services.c
> > > @@ -305,12 +305,12 @@ static int context_struct_compute_av(str
> > >  		    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
> > >  			tclass = SECCLASS_NETLINK_SOCKET;
> > >  
> > > -	if (!tclass || tclass > policydb.p_classes.nprim) {
> > > -		printk(KERN_ERR "security_compute_av:  unrecognized class %d\n",
> > > -		       tclass);
> > > -		return -EINVAL;
> > > -	}
> > > -	tclass_datum = policydb.class_val_to_struct[tclass - 1];
> > > +//	if (!tclass || tclass > policydb.p_classes.nprim) {
> > > +//		printk(KERN_ERR "security_compute_av:  unrecognized class %d\n",
> > > +//		       tclass);
> > > +//		return -EINVAL;
> > > +//	}
> > > +//	tclass_datum = policydb.class_val_to_struct[tclass - 1];
> > >  
> > >   
> > 
> > Err? Did you mean to submit it like this? This should be fixed by Eric's 
> > patch to handle unknown classes anyway.
> 
> I'm working off the latest -mm tree and that patch hasn't made it in yet,
> as well as some other patches.  For example, additional security class 
> numbers have been defined.  So I will need to update SECCLASS_INTEGRITY
> as well. The above code was added in order to test the patch. Once the 
> basic integrity concept has been reviewed and accepted, I will repost 
> based on the latest selinux development source tree.

Ok, so how do I get the latest selinux development source tree?

Thanks!

Mimi Zohar


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic