dynamic context transitions
Elrond
elrond at samba-tng.org
Wed Nov 3 10:51:27 GMT 2004
On Mon, Nov 01, 2004 at 06:45:38PM +0000, Luke Kenneth Casson Leighton wrote:
[...]
> type1_t: access to samba configuration files [only!] seteuid: 0
> type2_t: access to user files [only!] seteuid: NNNN
> type3_t: access to pretty much nothing (except that needed for cleanup
> operations)
>
> the loop is type1_t, call become_user() -> goes to type2_t
> then call unbecome_user() -> transitions to type3_t and does cleanup
> (e.g. frees any alloc'd memory associated with user - if necessary)
> and then transitions to type1_t, ready for the next incoming SMB
> packet.
[...]
Yikes... I like this!
If anyone from selinux wants to help, we can try this all
out in Samba TNG!
Elrond
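
Added example, not part of the original message or of Samba TNG's code: a sketch of an SELinux policy module for the three-domain loop quoted above, so that a process running as type2_t can only reach type1_t by way of type3_t. The module name and the file types samba_conf_t and user_files_t are hypothetical, and the neverallow rules assume that only the quoted cycle is intended.

```selinux
# Added illustration: type1_t/type2_t/type3_t are the names from the quoted
# design; everything else here is an assumption made for the sketch.
module smbd_dyntrans 1.0;

require {
    class process { setcurrent dyntransition };
    class file { getattr open read write };
}

type type1_t;        # seteuid 0, reads Samba configuration only
type type2_t;        # seteuid NNNN, touches user files only
type type3_t;        # cleanup domain, almost no access
type samba_conf_t;   # hypothetical label for Samba configuration files
type user_files_t;   # hypothetical label for files served to users

# setcon(3) needs setcurrent on the calling domain...
allow type1_t self:process setcurrent;
allow type2_t self:process setcurrent;
allow type3_t self:process setcurrent;

# ...and dyntransition from the old domain to the new one.
# become_user():   type1_t -> type2_t
allow type1_t type2_t:process dyntransition;
# unbecome_user(): type2_t -> type3_t (cleanup), then type3_t -> type1_t
allow type2_t type3_t:process dyntransition;
allow type3_t type1_t:process dyntransition;

# File access split as in the quoted description.
allow type1_t samba_conf_t:file { getattr open read };
allow type2_t user_files_t:file { getattr open read write };

# Assumption: no other edge is wanted. In particular, code running with a
# user's identity must not jump straight back to the root-capable domain.
neverallow type2_t type1_t:process dyntransition;
neverallow type3_t type2_t:process dyntransition;
neverallow type1_t type3_t:process dyntransition;
```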