On Mon, 2 Jul 2007, Ulrich Drepper wrote:
> On 7/2/07, Rik van Riel <[email protected]> wrote:
> > That should not happen. The default SELinux configuration
> > in Fedora (and Debian?) runs a few daemons in their own
> > restricted modes and has most of the system running in
> > unconfined_t, including the majority of user programs.
>
> This is the state as of F7. This will change hopefully soon.
> Programs like firefox run by normal users must be confined, too. Any
> tests using security must be fast, it's not something which is done
> only for a few apps.
The strong requirement would be that the cookie is not a bit longer than
sizeof(unsigned long).
For the "equality" check, this better be "==", although it could be
abstracted in a function/macro that SELinux implements in a different way.
But this "equality" check is done at page-fault time, so it better be
pretty quick (otherwise if they bloat that path, they would probably be
better off not using MAP_NOZERO at all).
- Davide