* [PATCH v2] mcstrans: remove unused getpeercon_raw() call
@ 2018-10-24 15:35 Yuli Khodorkovskiy
2018-10-24 20:01 ` [Non-DoD Source] " Stephen Smalley
2018-10-26 13:56 ` Stephen Smalley
0 siblings, 2 replies; 3+ messages in thread
From: Yuli Khodorkovskiy @ 2018-10-24 15:35 UTC (permalink / raw)
To: selinux; +Cc: Joshua Brindle
There is a call to getpeercon_raw() in mcstransd, but nothing is done
with the context. The purpose of process_request() is to translate a
context and we would like that to succeed even if, for some reason,
getpeercon_raw() fails.
Signed-off-by: Yuli Khodorkovskiy <yuli@crunchydata.com>
Signed-off-by: Joshua Brindle <joshua.brindle@crunchydata.com>
---
mcstrans/src/mcstransd.c | 10 ----------
1 file changed, 10 deletions(-)
v2:
- Remove comment about MLS clearance check in peercon
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
index d7fc5dea..85899493 100644
--- a/mcstrans/src/mcstransd.c
+++ b/mcstrans/src/mcstransd.c
@@ -142,17 +142,8 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
{
int32_t result;
char *out = NULL;
- char *peercon = NULL;
int ret;
- ret = getpeercon_raw(fd, &peercon);
- if (ret < 0)
- return ret;
-
- /* TODO: Check if MLS clearance (in peercon) dominates the MLS label
- * (in the request input).
- */
-
switch (function) {
case SETRANS_INIT:
result = 0;
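Review bot: The removed TODO at the top of process_request() was the only marker that the caller's MLS clearance (from peercon) was meant to be checked against the MLS label in the request, and it disappears together with the getpeercon_raw() call. If that dominance check is no longer planned, the commit message should say so and say what is expected to restrict who may request translations. If it is still planned, keep a short comment here so the gap stays visible to the next reader.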
@@ -184,7 +175,6 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
}
free(out);
- freecon(peercon);
return ret;
}
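Review bot: At the final "return ret;", ret no longer has a guaranteed assignment: the first hunk removes "ret = getpeercon_raw(fd, &peercon);" and leaves "int ret;" without an initializer. The switch body is not shown in this diff, so please confirm that every case, including the default, assigns ret before this point, or give ret an initial value at its declaration. Dropping freecon(peercon) is consistent with removing the variable.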
--
2.19.0
* Re: [Non-DoD Source] [PATCH v2] mcstrans: remove unused getpeercon_raw() call
2018-10-24 15:35 [PATCH v2] mcstrans: remove unused getpeercon_raw() call Yuli Khodorkovskiy
@ 2018-10-24 20:01 ` Stephen Smalley
2018-10-26 13:56 ` Stephen Smalley
1 sibling, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2018-10-24 20:01 UTC (permalink / raw)
To: Yuli Khodorkovskiy, selinux; +Cc: Joshua Brindle
On 10/24/2018 11:35 AM, Yuli Khodorkovskiy wrote:
> There is a call to getpeercon_raw() in mcstransd, but nothing is done
> with the context. The purpose of process_request() is to translate a
> context and we would like that to succeed even if, for some reason,
> getpeercon_raw() fails.
>
> Signed-off-by: Yuli Khodorkovskiy <yuli@crunchydata.com>
> Signed-off-by: Joshua Brindle <joshua.brindle@crunchydata.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
> mcstrans/src/mcstransd.c | 10 ----------
> 1 file changed, 10 deletions(-)
>
> v2:
> - Remove comment about MLS clearance check in peercon
>
> diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
> index d7fc5dea..85899493 100644
> --- a/mcstrans/src/mcstransd.c
> +++ b/mcstrans/src/mcstransd.c
> @@ -142,17 +142,8 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
> {
> int32_t result;
> char *out = NULL;
> - char *peercon = NULL;
> int ret;
>
> - ret = getpeercon_raw(fd, &peercon);
> - if (ret < 0)
> - return ret;
> -
> - /* TODO: Check if MLS clearance (in peercon) dominates the MLS label
> - * (in the request input).
> - */
> -
> switch (function) {
> case SETRANS_INIT:
> result = 0;
> @@ -184,7 +175,6 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
> }
>
> free(out);
> - freecon(peercon);
>
> return ret;
> }
>
* Re: [PATCH v2] mcstrans: remove unused getpeercon_raw() call
2018-10-24 15:35 [PATCH v2] mcstrans: remove unused getpeercon_raw() call Yuli Khodorkovskiy
2018-10-24 20:01 ` [Non-DoD Source] " Stephen Smalley
@ 2018-10-26 13:56 ` Stephen Smalley
1 sibling, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2018-10-26 13:56 UTC (permalink / raw)
To: Yuli Khodorkovskiy, selinux; +Cc: Joshua Brindle
On 10/24/2018 11:35 AM, Yuli Khodorkovskiy wrote:
> There is a call to getpeercon_raw() in mcstransd, but nothing is done
> with the context. The purpose of process_request() is to translate a
> context and we would like that to succeed even if, for some reason,
> getpeercon_raw() fails.
>
> Signed-off-by: Yuli Khodorkovskiy <yuli@crunchydata.com>
> Signed-off-by: Joshua Brindle <joshua.brindle@crunchydata.com>
Thanks, applied.
> ---
> mcstrans/src/mcstransd.c | 10 ----------
> 1 file changed, 10 deletions(-)
>
> v2:
> - Remove comment about MLS clearance check in peercon
>
> diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
> index d7fc5dea..85899493 100644
> --- a/mcstrans/src/mcstransd.c
> +++ b/mcstrans/src/mcstransd.c
> @@ -142,17 +142,8 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
> {
> int32_t result;
> char *out = NULL;
> - char *peercon = NULL;
> int ret;
>
> - ret = getpeercon_raw(fd, &peercon);
> - if (ret < 0)
> - return ret;
> -
> - /* TODO: Check if MLS clearance (in peercon) dominates the MLS label
> - * (in the request input).
> - */
> -
> switch (function) {
> case SETRANS_INIT:
> result = 0;
> @@ -184,7 +175,6 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
> }
>
> free(out);
> - freecon(peercon);
>
> return ret;
> }
>