Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

On Friday, August 24 2007 8:58:28 am Kentaro Takeda wrote:
> LSM hooks for network accept and recv:
>    * socket_post_accept is modified to return int.

This has been discussed several times on various lists and is not considered 
an acceptable solution to blocking incoming stream connection attempts.  
Please take a look at the existing LSM stream connection request hooks as 
well as how SELinux makes use of them.

>    * post_recv_datagram is added in skb_recv_datagram.

Can you explain to me why this is not possible using the existing 
security_socket_sock_rcv_skb() LSM hook?

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
  - From: Tetsuo Handa <[email protected]>

References:
- [TOMOYO 00/15] TOMOYO Linux - MAC based on process invocation histroy
  - From: Kentaro Takeda <[email protected]>
- [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
  - From: Kentaro Takeda <[email protected]>

Prev by Date: Re: CFS review
Next by Date: Re: [PATCH] SLUB: use have_arch_cmpxchg()
Previous by thread: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
Next by thread: Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]