Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

On Friday, August 24 2007 8:58:28 am Kentaro Takeda wrote:
> LSM hooks for network accept and recv:
>    * socket_post_accept is modified to return int.

This has been discussed several times on various lists and is not considered 
an acceptable solution to blocking incoming stream connection attempts.  
Please take a look at the existing LSM stream connection request hooks as 
well as how SELinux makes use of them.

>    * post_recv_datagram is added in skb_recv_datagram.

Can you explain to me why this is not possible using the existing 
security_socket_sock_rcv_skb() LSM hook?

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
    • From: Tetsuo Handa <[email protected]>

• References:
  • [TOMOYO 00/15] TOMOYO Linux - MAC based on process invocation histroy
    • From: Kentaro Takeda <[email protected]>
  • [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
    • From: Kentaro Takeda <[email protected]>

• Prev by Date: Re: CFS review
• Next by Date: Re: [PATCH] SLUB: use have_arch_cmpxchg()
• Previous by thread: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
• Next by thread: Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]