Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Tetsuo Handa <penguin-kernel@...>

To: <paul.moore@...>

Cc: <linux-kernel@...>, <linux-security-module@...>, <chrisw@...>

Subject: Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

Date: Tuesday, August 28, 2007 - 6:39 am

Hello.

Paul Moore wrote:
quoted text> >    * post_recv_datagram is added in skb_recv_datagram.
>
> Can you explain to me why this is not possible using the existing 
> security_socket_sock_rcv_skb() LSM hook?

socket_sock_rcv_skb() is a hook for enqueue time.
I want a hook for dequeue time, because what TOMOYO Linux is doing is
not "whether a socket created by foo is permitted to pick up
an incoming packet from specific address/port"
but "whether bar is permitted to pick up
an incoming packet from specific address/port".
At the time of enqueue, I can't know who will pick up that packet.

Same reason for socket_post_accept(). What TOMOYO Linux is doing is
not "whether a socket created by foo is permitted to accept
a connection request from specific address/port"
but "whether bar is permitted to accept
a connection request from specific address/port".
At the time of enqueue, I can't know who will pick up that request.
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[TOMOYO 00/15] TOMOYO Linux - MAC based on process invocatio..., Kentaro Takeda, (Fri Aug 24, 8:41 am)

[TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:58 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Mon Aug 27, 10:49 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Aug 28, 6:39 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Aug 28, 9:21 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Mon Sep 3, 9:15 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Sep 4, 7:53 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Sep 4, 10:02 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Wed Sep 5, 10:06 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Thu Sep 6, 9:04 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Thu Sep 6, 11:25 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kyle Moffett, (Tue Sep 4, 10:13 am)

[TOMOYO 14/15] Conditional permission support., Kentaro Takeda, (Fri Aug 24, 8:57 am)

Re: [TOMOYO 14/15] Conditional permission support., Pavel Machek, (Sat Aug 25, 7:08 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Sat Aug 25, 10:13 pm)

Re: [TOMOYO 14/15] Conditional permission support., Kyle Moffett, (Mon Aug 27, 8:11 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Tue Aug 28, 9:00 am)

Re: [TOMOYO 14/15] Conditional permission support., Toshiharu Harada, (Sat Aug 25, 6:46 pm)

[TOMOYO 13/15] LSM adapter for TOMOYO., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 12/15] Signal transmission control functions., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 11/15] Namespace manipulation control functions., Kentaro Takeda, (Fri Aug 24, 8:55 am)

[TOMOYO 10/15] Networking access control functions., Kentaro Takeda, (Fri Aug 24, 8:54 am)

[TOMOYO 09/15] Argv[0] access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 08/15] File access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 07/15] Auditing interface., Kentaro Takeda, (Fri Aug 24, 8:52 am)

[TOMOYO 06/15] Domain transition handler functions., Kentaro Takeda, (Fri Aug 24, 8:50 am)

[TOMOYO 05/15] Utility functions and /proc interface for pol..., Kentaro Takeda, (Fri Aug 24, 8:49 am)

[TOMOYO 04/15] Memory and pathname management functions., Kentaro Takeda, (Fri Aug 24, 8:48 am)

[TOMOYO 03/15] Data structures and prototypes definition., Kentaro Takeda, (Fri Aug 24, 8:46 am)

[TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:45 am)

Re: [TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Jiri Kosina, (Fri Aug 24, 8:50 am)

[TOMOYO 01/15] Allow use of namespace_sem from LSM module., Kentaro Takeda, (Fri Aug 24, 8:44 am)

Navigation

Popular discussions


linux-kernel:
Greg KH	[GIT PATCH] driver core patches against 2.6.24
debian developer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Vu Pham	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Adrian Bunk	Re: Linux 2.6.21
git:

linux-netdev:
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Radu Rendec	Endianness problem with u32 classifier hash masks
Benjamin Herrenschmidt	[PATCH 0/11] ibm_newemac: Candidate patches for 2.6.25
openbsd-misc:

Colocation donated by:

Online users

jraval618

Syndicate