On Sun, 12 Mar 2006, Andrew Morton wrote:
> Author: Catherine Zhang <[email protected]>
> Date: Fri Mar 10 00:34:15 2006 -0800
>
> [SECURITY]: TCP/UDP getpeersec
>
> This patch implements an application of the LSM-IPSec networking
> controls whereby an application can determine the label of the
> security association its TCP or UDP sockets are currently connected to
> via getsockopt and the auxiliary data mechanism of recvmsg.
>
> Which I am sure is very good.
Think of it as an extension of the existing Linux SO_PASSCRED for Unix
sockets, which currently allow you to authenticate the uid/gid/pid of a
local peer process with which you are communicating. But now extended to
other security information such as an SELinux security context, and for
non-local processes, protected and authenticated via IPsec.
- James
--
James Morris
<[email protected]>