Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Kyle Moffett <mrmacman_g4@...>

To: Tetsuo Handa <penguin-kernel@...>

Cc: <paul.moore@...>, <linux-kernel@...>, <linux-security-module@...>, <chrisw@...>

Subject: Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

Date: Tuesday, September 4, 2007 - 10:13 am

On Sep 04, 2007, at 10:02:46, Tetsuo Handa wrote:
quoted text> Hmm, I can't understand why I have to perform access control at  
> "enqueue" time.
>
> What I want to do is
>   allow process1 receive UDP packets from 10.0.0.1 port 1024
>   allow process2 receive UDP packets from 10.0.0.2 port 2048
> when there is no guarantee that process1 and process2 are not  
> sharing a socket.
>
> If there is guarantee that process1 and process2 are not sharing a  
> socket,
> I can do it using netfilter.

Well, we used to be able to do that with netfilter but it had the  
same unfixable race conditions that you are presently running into  
and so such support was dropped by the netfilter folks.  I suspect if  
you CC'ed netdev@vger.kernel.org you would get some very precise  
reasons why such filtering doesn't work.

Cheers,
Kyle Moffett

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[TOMOYO 00/15] TOMOYO Linux - MAC based on process invocatio..., Kentaro Takeda, (Fri Aug 24, 8:41 am)

[TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:58 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Mon Aug 27, 10:49 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Aug 28, 6:39 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Aug 28, 9:21 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Mon Sep 3, 9:15 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Sep 4, 7:53 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Sep 4, 10:02 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Wed Sep 5, 10:06 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Thu Sep 6, 9:04 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Thu Sep 6, 11:25 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kyle Moffett, (Tue Sep 4, 10:13 am)

[TOMOYO 14/15] Conditional permission support., Kentaro Takeda, (Fri Aug 24, 8:57 am)

Re: [TOMOYO 14/15] Conditional permission support., Pavel Machek, (Sat Aug 25, 7:08 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Sat Aug 25, 10:13 pm)

Re: [TOMOYO 14/15] Conditional permission support., Kyle Moffett, (Mon Aug 27, 8:11 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Tue Aug 28, 9:00 am)

Re: [TOMOYO 14/15] Conditional permission support., Toshiharu Harada, (Sat Aug 25, 6:46 pm)

[TOMOYO 13/15] LSM adapter for TOMOYO., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 12/15] Signal transmission control functions., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 11/15] Namespace manipulation control functions., Kentaro Takeda, (Fri Aug 24, 8:55 am)

[TOMOYO 10/15] Networking access control functions., Kentaro Takeda, (Fri Aug 24, 8:54 am)

[TOMOYO 09/15] Argv[0] access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 08/15] File access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 07/15] Auditing interface., Kentaro Takeda, (Fri Aug 24, 8:52 am)

[TOMOYO 06/15] Domain transition handler functions., Kentaro Takeda, (Fri Aug 24, 8:50 am)

[TOMOYO 05/15] Utility functions and /proc interface for pol..., Kentaro Takeda, (Fri Aug 24, 8:49 am)

[TOMOYO 04/15] Memory and pathname management functions., Kentaro Takeda, (Fri Aug 24, 8:48 am)

[TOMOYO 03/15] Data structures and prototypes definition., Kentaro Takeda, (Fri Aug 24, 8:46 am)

[TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:45 am)

Re: [TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Jiri Kosina, (Fri Aug 24, 8:50 am)

[TOMOYO 01/15] Allow use of namespace_sem from LSM module., Kentaro Takeda, (Fri Aug 24, 8:44 am)

Navigation

Popular discussions


linux-kernel:
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
david	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Linus Torvalds	Linux 2.6.21-rc6
holzheu	Re: [RFC/PATCH] Documentation of kernel messages
git:

openbsd-misc:

linux-netdev:
Eric Dumazet	Re: Multicast packet loss
jamal	Re: iproute2 action/policer question
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Jens Låås	Re: tx queue hashing hot-spots and poor performance (multiq, ixgbe)

Colocation donated by:

Online users

Jeremy

Syndicate