Re: [patch] CONFIG_SECURITY_NETWORK

From: James Morris (jmorrisat_private)
Date: Mon Jan 27 2003 - 15:24:15 PST

  • Next message: Chris Wright: "Re: [patch] CONFIG_SECURITY_NETWORK"

    On Mon, 27 Jan 2003, Stephen D. Smalley wrote:
    
    > 
    > The attached patch for lsm-2.5 adds a CONFIG_SECURITY_NETWORK option
    > for the socket and networking security fields and hooks.  At present,
    > it excludes the netlink hooks and the ip_decode_options hooks since
    > the capabilities module uses those hooks to implement capability tests
    > migrated from the base kernel.  It rearranges the security_ops structure
    > to move the optional socket and networking hooks to the end of the structure.
    > 
    > The patch moves the 'security = NULL' initializations for the sock and
    > open request structures into the corresponding alloc_security hooks
    > since those initializations are colocated with the allocation.  In the
    > sk_buff case, the patch simply #ifdef's the initialization, since other
    > similar #ifdef'd initializations exist in skb_headerinit.  If desired,
    > we could define a static inline function for that purpose, but it
    > didn't seem to be necessary.
    
    This looks good, thanks for doing this (I'm still working through a
    backlog of stuff after getting back from LCA).
    
    
    - James
    -- 
    James Morris
    <jmorrisat_private>
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 15:26:31 PST