SELinux support via SO_PEERSEC #8585
Labels
enhancement
New feature or incremental improvement
Comments
|
Sorry, but I don't think I'd like to maintain any SELinux-specific code. |
|
All good, appreciate the response |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've been wanting to implement a feature in sway but it's quite niche so I thought I'd ask before I starting any work on it. I wanted to add some restrictions to sway's privileged protocols by using SO_PEERSEC to obtain the security context of a client on the other end of a socket and then asking SELinux if an action for a set of defined privileged protocols is to be authorised or denied.
Overall it'll probably introduce a new selinux.c file along with a few changes in the socket code and some of the protocol code, but they'll all be behind feature guards for SELinux so shouldn't really leak into the rest of the codebase.
Could I ask for thoughts on the possibility of upstreaming or if there is anything you'd like me to consider early on?
Thanks!
The text was updated successfully, but these errors were encountered: