dcc55dba560fd6f8bf35876eb60d88175d191fca |
|
14-May-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
mcstransd: don't reinvent getpeercon, badly.

libselinux provides a proper getpeercon() implementation that uses getsockopt with SO_PEERSEC to reliably obtain the peer's security context from the kernel. mcstransd for reasons unknown rolled its own get_peer_con() function that uses getsockopt SO_PEERCRED to obtain the peer PID and then calls getpidcon_raw(). That's less efficient and less secure (subject to races; peer context may have changed since connect). Don't do that.

The peer context doesn't appear to be used for anything currently, although there is a comment suggesting adding a permission check to see if the requester dominates the label to be translated to control what labels can be translated by what peers. Could likely dispense with it altogether.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/policycoreutils/mcstrans/src/mcstransd.c
|
8ca93d6b9d5b18bf37dccea4aa25ac81b93f0ba9 |
|
27-Mar-2012 |
Dan Walsh <dwalsh@redhat.com> |
policycoreutils: mcstrans: add -f to run in foreground

Add an -f option to run mcstransd in the foreground. This will allow better integration into systemd.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/policycoreutils/mcstrans/src/mcstransd.c
|
7e0f0124743d241354afa888f3bfe23355679bc9 |
|
27-Oct-2010 |
Steve Lawrence <slawrence@tresys.com> |
Cleanup/minor fixes to mcstrans

The majority of the patch is just handling the case of memory allocation failures and making sure things get cleaned up correctly in those cases. This also moves duplicate code in parse_ebitmap() and parse_raw() into parse_category(), and also updates the parse function to ensure the config files are in the correct format.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/policycoreutils/mcstrans/src/mcstransd.c
|
c89625db93f63f29a57451e692ae33ab24d49291 |
|
21-Jul-2010 |
Xavier Toth <txtoth@gmail.com> |
Add mcstrans to policycoreutils

SELinux Project contribution of mcstrans. mcstrans is a userland package specific to SELinux which allows system administrators to define sensitivity levels and categories and provides a daemon for their translation into human readable form. This version is a merge of Joe Nall's git tree (http://github.com/joenall/mcstrans) and patches supplied by Dan Walsh and others at RedHat.

Ted

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/policycoreutils/mcstrans/src/mcstransd.c
|