Klaus Weidner | 9 Jan 2007 05:47

Re: Latest diffs

On Mon, Jan 08, 2007 at 12:48:36PM -0500, Christopher J. PeBenito wrote:
> On Wed, 2007-01-03 at 15:48 -0600, Klaus Weidner wrote:
> > On Wed, Jan 03, 2007 at 11:54:44AM -0500, Daniel J Walsh wrote:
> > > sudo reads netlink_route_socket, wants to look at the kernel key ring,
> > > stores a token in the pam_pid directory, and needs to getattr on all 
> > > "user" executables.
> > > 
> > > Some changes to su in order to handle key rings. Needs
> > > mls_file_write_down.  Need to be able to su from different domains, and 
> > > pam_rootok causes some selinux_compute_access checks.
> > [...]
> > > sshd wants to look at kernel key ring
> > [...]
> > > fixes for authlogin handling of keyrings and mls, as well as pcscd
> > 
> > I'm confused about what kernel keyring features are currently available
> > in the current policy, and who gets to use them.
> 
> I haven't had a chance to look at the patch, but what is currently
> upstream does not allow users to do anything with keys.  Here's the
> current rules across the entire upstream repo (which includes modules
> not enabled in the lspp policy):

That sounds harmless for the purposes of the LSPP evaluation, thanks for
the clarification.

-Klaus

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@... with
the words "unsubscribe selinux" without quotes as the message.

