On Wed, 10 Dec 2003 11:33:53 -0500 (EST)
James Morris <jmorris@private> wrote:

> Three new LSM hooks have been implemented:
>
> - socket_getpeersec() is the getsockopt interface.
>
> - sk_alloc_security() and sk_free_security() facilitate the use of an
>   sk_security field, which is used to store the security credentials of
>   the Unix peer. We can't use an existing security field for this (e.g.
>   inode), as we need the security credentials of the server's child
>   socket. This follows the same general scheme used for managing existing
>   Unix peer credentials.
>
> Comments?

I'm fine with this conceptually, although the earliest I could put
this into the tree is 2.6.1, although I have a hunch that I'll be
asked to defer something like this to 2.6.2, but who knows.

The one thing I don't like is the ifdef conditionalized member of
the sock struct. We should move away from config variables changing
structure layouts. Even a "void *sk_security;" would be better.