selinux May 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: [RFC PATCH v1 5/6] selinux: Convert socket related

Re: [RFC PATCH v1 5/6] selinux: Convert socket related access controls to use socket labels

From: Eric Paris <eparis_at_nospam>
Date: Tue May 04 2010 - 14:30:05 GMT
To: Paul Moore <>

On Mon, May 3, 2010 at 6:11 PM, Paul Moore <> wrote:
> At present, the socket related access controls use a mix of inode and
> socket labels; while there should be no practical difference (they
> _should_ always be the same), it makes the code more confusing. This
> patch attempts to convert all of the socket related access control
> points (with the exception of some of the inode/fd based controls) to
> use the socket's own label. In the process, I also converted the
> socket_has_perm() function to take a 'sock' argument instead of a
> 'socket' since that was adding a bit more overhead in some cases.

Should it be renamed to sock_has_perm() then?


-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.