mirror of
https://github.com/SELinuxProject/selinux
synced 2025-02-05 20:32:58 +00:00
dcc55dba56
libselinux provides a proper getpeercon() implementation that uses getsockopt with SO_PEERSEC to reliably obtain the peer's security context from the kernel. mcstransd for reasons unknown rolled its own get_peer_con() function that uses getsockopt SO_PEERCRED to obtain the peer PID and then calls getpidcon_raw(). That's less efficient and less secure (subject to races; peer context may have changed since connect). Don't do that. The peer context doesn't appear to be used for anything currently, although there is a comment suggesting adding a permission check to see if the requester dominates the label to be translated to control what labels can be translated by what peers. Could likely dispense with it altogether. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> |
||
|---|---|---|
| .. | ||
| man | ||
| share | ||
| src | ||
| utils | ||
| ChangeLog | ||
| COPYING | ||
| Makefile | ||
| TODO | ||
| VERSION | ||