dynamic context transitions

Luke Kenneth Casson Leighton lkcl at lkcl.net
Mon Nov 1 22:21:11 GMT 2004

On Mon, Nov 01, 2004 at 03:50:33PM -0500, Stephen Smalley wrote:
> On Mon, 2004-11-01 at 16:00, Luke Kenneth Casson Leighton wrote:
> > > Except that SELinux mediates access to file descriptors upon transfer
> > > via local socket IPC as well as attempted use for read/write, so SELinux
> > > is still going to apply a permission check to the parent smbd process in
> > > that situation.  
> > 
> >  that i would expect.
> So you are ok with allowing smbd_t the union of all smbd_$1_t
> permissions?

 i haven't analysed the samba.te policy in enough detail to be able to

> > > Not to mention that this no doubt has a significant
> > > cost.
> > 
> >  that i was not expecting.
> Not the cost of the mediation, the cost of fork+exec'ing these children
> for each client.  

 oh right!

> Isn't that likely to add significant overhead?

 that can be mitigated against by using techniques already in place in
 apache: pre-forking.

 i am genuinely surprised that, several years after apache deployed the
 technique of pre-forking (which wasn't new then), samba doesn't do

 ... so that would leave russell's and andrew's technique still as the
 top simplest solution, with pre-forking as a possible way to reduce


More information about the samba-technical mailing list