On 01/27/2015 12:29 PM, Sumit Bose wrote:
On Tue, Jan 27, 2015 at 11:31:58AM +0100, Jakub Hrozek wrote:
> On Tue, Jan 27, 2015 at 10:51:24AM +0100, Jakub Hrozek wrote:
>> Alternatively, we could only set and reset the umask in the caller. That
>> way, we would know that a short-lived selinux_child is changing umask.
>>
>> That is safer, but risks that we forget next time..so at least we need
>> to add a comment to the declaration in header.
>
> Attached is an alternate patch that only touches the umask in the
> short-lived process.
I would prefer this version if it passes Michal's tests.
bye,
Sumit
Works for me. Ack,
Michal