[PATCH 0/3] cr: support LSM credentials

Serge E. Hallyn serue at us.ibm.com
Wed Aug 12 11:12:37 PDT 2009


Here is my current code for lsm c/r support.  I'll be out a good
part of next week, but intend to spend the next few weeks doing
proper selinux implementation, working on the comments for these
earlier patches, and writing some automated tests.  These patches
seem solid on my setup, and shouldn't hurt anything to have in
the tree for testing.  I'm punting on the SELinux code this week
bc testing it requires a lot more userspace tweaking to properly
test.  That means that if you have an SELinux-enabled kernel, you
will be able to use mktree without -k as usual to get default
labeling, but mktree -k < out will return -ENOSYS.

I'm not sending to linux-kernel-module or selinux lists because
that will require writing patch intros describing c/r again
etc...

-serge


More information about the Containers mailing list