On Thu, 11 Jul 2002 Valdis.Kletnieksat_private wrote: > On Thu, 11 Jul 2002 22:03:59 +1000, James Morris said: > > On Thu, 11 Jul 2002, Wayne Salamon wrote: > > > > Also, what about > > > IPV6? It looks like the sock is zero'd by sk_alloc then the fields are > > > set. Are we going to support IPV6 in LSM? > > We could, but it may be better to wait until somebody needs it. > > I can't speak for others, but at least at my site, we'd want to deploy > anything on both v4 and v6 (and yes, enough of our traffic is already v6 > that it would be a good-sized backdoor). Our security policies tend to > be very transport-protocol neutral. > I was thinking more in terms of security modules needing the IPv6 hooks, and I'm not aware of any at this stage. Adding infrastructure to the kernel which isn't used by anything is somewhat frowned upon. Note that there is some coverage of IPv6 (and all socket-based protocols) via the socket hooks. - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 22:09:29 PDT