[Labeled-nfs] [PATCH 4/7] Security: Add secctx_to_secid LSM hooks and security helper functions
Paul Moore
paul.moore at hp.com
Wed Aug 1 17:41:18 EDT 2007
On Wednesday, August 1 2007 5:11:27 pm Casey Schaufler wrote:
> --- "David P. Quigley" <dpquigl at tycho.nsa.gov> wrote:
> > From: David P. Quigley <dpquigl at tycho.nsa.gov>
> >
> > The existing LSM interface provides a hook for converting a security
> > identifier
> > to a security context. This patch introduces a complementary hook to
> > provide the conversion from the security context to corresponding
> > security identifier.
>
> This is strictly SELinux behavior. I don't suppose it hurts
> anything, but a general framework won't need this.
I'm not so sure about that ... having a mechanism which maps an arbitrarily
large label into a easily manipulated token (and back again) seems like
something that could be of use to other security mechanisms besides
SELinux/TE.
--
paul moore
linux security @ hp
More information about the Labeled-nfs
mailing list