New patches

From: Wayne Salamon (wsalamonat_private)
Date: Wed Oct 02 2002 - 06:44:21 PDT

  • Next message: James Morris: "Re: New patches"

      Attached are patches for 2.4 and 2.5 to add some hooks that SELinux
    needs in order to maintain the client's security ID across the TCP
    connection setup states.
    
      These hooks are used to label the open_request kernel structure with the
    client security ID after the first SYN packet is received. This structure
    appears to be the only object that exists during the entire connection
    setup, before the new accept socket is created.
    
      SELinux needs this labeling in order to reliably label SYN/ACKs, and the
    new accepted socket on the server, when extended socket calls are used. If
    these hooks are not of a general use within LSM, then we can maintain them
    as part of our small SELinux patch.
    
      Comments?
    
      Thanks,
    
    Wayne
    -- 
    Wayne Salamon
    wsalamonat_private
    
    
    


    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 06:46:24 PDT