Re: [v9.1] Add security hook on initialization of instance
From | Stephen Frost |
---|---|
Subject | Re: [v9.1] Add security hook on initialization of instance |
Date | |
Msg-id | 20100616123709.GN21875@tamriel.snowman.net |
In reply to | Re: [v9.1] Add security hook on initialization of instance (KaiGai Kohei <kaigai@ak.jp.nec.com>) |
Responses | Re: [v9.1] Add security hook on initialization of instance |
List | pgsql-hackers |
KaiGai,

* KaiGai Kohei (kaigai@ak.jp.nec.com) wrote:
> On the other hand, a security feature have to identify the client and
> assign an appropriate set of privileges on the session prior to it being
> available for users.
[...]
> However, here is no hooks available for the purpose.

I believe we understand the issue now, my point was that in the future
let's have this discussion first.

> One idea is, as Robert suggested, that we can invoke getpeercon() at
> the first call of SELinux module and store it on the local variable.
> It will work well as long as getpeercon() does not cause an error.

Let's work with this approach to build a proof-of-concept that at least
the DML hook will work as advertised. We've got a lot of time till 9.1
and I think that if we can show that a module exists that implements
SELinux using the DML hook, and that a few other hooks are needed to
address shortcomings in that module, adding them won't be a huge issue.

Thanks,

Stephen
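
A sketch of the lazy lookup discussed in the message above, added here as an example and not code from the thread or from PostgreSQL: the peer label is fetched on first use and cached, and a failed lookup is cached as a denial (an assumption; the thread does not say what should happen on error). `client_label`, `client_label_get`, `dml_check_allowed` and the two stand-in lookup functions are hypothetical names; only the `getpeercon(int fd, char **context)` shape comes from libselinux, and it is passed as a function pointer so the sketch runs without it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as libselinux getpeercon(): 0 on success, -1 on error. */
typedef int (*peercon_fn)(int fd, char **context);

enum label_state { LABEL_UNKNOWN, LABEL_OK, LABEL_FAILED };
struct client_label {
    enum label_state state;
    char *context;   /* owned copy, valid only when state == LABEL_OK */
    int lookups;     /* how many times the lookup really ran */
};

/* Return the cached peer label, resolving it on first use. A failed lookup
 * is cached too (assumption: fail closed), so later checks are refused
 * rather than retried or treated as an unlabeled client. */
const char *client_label_get(struct client_label *cl, int fd, peercon_fn lookup)
{
    if (cl->state == LABEL_UNKNOWN) {
        char *ctx = NULL;
        cl->lookups++;
        if (lookup(fd, &ctx) == 0 && ctx != NULL) {
            cl->context = ctx;
            cl->state = LABEL_OK;
        } else {
            cl->state = LABEL_FAILED;
        }
    }
    return cl->state == LABEL_OK ? cl->context : NULL;
}

/* Hypothetical hook body: deny when no client label could be established. */
int dml_check_allowed(struct client_label *cl, int fd, peercon_fn lookup)
{
    return client_label_get(cl, fd, lookup) != NULL;
}

/* Constructed stand-ins for getpeercon(): one succeeds, one fails. */
static int fake_peercon_ok(int fd, char **context)
{
    static const char label[] = "user_u:user_r:user_t:s0"; /* constructed */
    (void) fd;
    *context = malloc(sizeof label);
    if (*context == NULL)
        return -1;
    memcpy(*context, label, sizeof label);
    return 0;
}
static int fake_peercon_fail(int fd, char **context)
{
    (void) fd; (void) context;
    return -1;
}

int main(void)
{
    struct client_label good = { LABEL_UNKNOWN, NULL, 0 };
    struct client_label bad = { LABEL_UNKNOWN, NULL, 0 };
    printf("labeled client allowed: %d\n", dml_check_allowed(&good, 3, fake_peercon_ok));
    printf("lookup failure allowed: %d\n", dml_check_allowed(&bad, 3, fake_peercon_fail));
    free(good.context);
    return 0;
}
```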