Re: [PATCH] fix up security_socket_getpeersec_* documentation

Acked-by: Catherine Zhang <[email protected]>

Catherine

[email protected] wrote on 03/28/2006 08:02:53 AM:

> Update the security_socket_peersec documentation in
> include/linux/security.h.  security_socket_peersec has been split
> into two functions - _stream and _dgram, with new capabilities.
> 
> Signed-off-by: Serge Hallyn <[email protected]>
> 
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -782,9 +782,11 @@ struct swap_info_struct;
>   *   incoming sk_buff @skb has been associated with a particular 
socket, @sk.
>   *   @sk contains the sock (not socket) associated with the incoming 
sk_buff.
>   *   @skb contains the incoming network data.
> - * @socket_getpeersec:
> + * @socket_getpeersec_stream:
>   *   This hook allows the security module to provide peer socket 
security
> - *   state to userspace via getsockopt SO_GETPEERSEC.
> + *   state for unix or connected tcp sockets to userspace via 
getsockopt
> + *   SO_GETPEERSEC.  For tcp sockets this can be meaningful if the
> + *   socket is associated with an ipsec SA.
>   *   @sock is the local socket.
>   *   @optval userspace memory where the security state is to be copied.
>   *   @optlen userspace int where the module should copy the actual 
length
> @@ -793,6 +795,17 @@ struct swap_info_struct;
>   *   by the caller.
>   *   Return 0 if all is well, otherwise, typical getsockopt return
>   *   values.
> + * @socket_getpeersec_dgram:
> + *    This hook allows the security module to provide peer socket 
security
> + *    state for udp sockets on a per-packet basis to userspace via
> + *    getsockopt SO_GETPEERSEC.  The application must first have 
indicated
> + *    the IP_PASSSEC option via getsockopt.  It can then retrieve the
> + *    security state returned by this hook for a packet via the 
SCM_SECURITY
> + *    ancillary message type.
> + *    @skb is the skbuff for the packet being queried
> + *    @secdata is a pointer to a buffer in which to copy the security 
data
> + *    @seclen is the maximum length for @secdata
> + *    Return 0 on success, error on failure.
>   * @sk_alloc_security:
>   *      Allocate and attach a security structure to the 
> sk->sk_security field,
>   *      which is used to copy security attributes between local 
> stream sockets.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: Re: [PATCH 0/5] clocksource patches
• Next by Date: Kernel panic in add_entropy_words
• Previous by thread: [PATCH 5/5] cleanup clocksource drivers
• Next by thread: Kernel panic in add_entropy_words
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]