Attached are patches for 2.4 and 2.5 to add some hooks that SELinux needs in order to maintain the client's security ID across the TCP connection setup states. These hooks are used to label the open_request kernel structure with the client security ID after the first SYN packet is received. This structure appears to be the only object that exists during the entire connection setup, before the new accept socket is created. SELinux needs this labeling in order to reliably label SYN/ACKs, and the new accepted socket on the server, when extended socket calls are used.

If these hooks are not of a general use within LSM, then we can maintain them as part of our small SELinux patch.

Comments?

Thanks,
Wayne

--
Wayne Salamon
wsalamonat_private

This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 06:46:24 PDT