* James Morris (jmorris@private) wrote:
> Below is a patch against 2.6.0-test11 which implements a new socket option
> SO_PEERSEC (defined for i386 only at this stage).

Thanks for doing this, James. In your example demonstration, you simply print the peersec string. Do you expect to use with simple comparison against something like data from procattr, or something else? IOW, does this introduce any new namespace issues for apps?

> +static inline int security_sk_alloc_security(struct sock *sk, int family, int priority)
> +static inline void security_sk_free_security(struct sock *sk)

minor nit. these names are inconsistent with the existing analogous ones. how about simply, security_sk_alloc and security_sk_free?

> +++ linux-2.6.0-test11.w2/net/core/sock.c 2003-12-10 09:55:39.378901360 -0500
> @@ -564,6 +564,9 @@
> v.val = sk->sk_state == TCP_LISTEN;
> break;
>
> + case SO_PEERSEC:
> + return security_socket_getpeersec(sock, optval, len);
> +

Would it be useful to ask the module to update len as is done in some other cases? Perhaps buffer is too small, can len be vector for that info?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
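
Review bot: in the two quoted declarations, security_sk_alloc_security returns int while security_sk_free_security returns void, so the code that allocates the sock has to check the hook's result and release the sock on failure, and the free hook should tolerate a sock whose security data was never set up. A comment on each stub stating the return convention and what family and priority mean would make that contract explicit for module authors.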
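
Review bot: in the sock.c hunk, the SO_PEERSEC case returns the hook's result directly, where the case above it sets v.val and breaks, so whatever the function does after the switch is skipped and security_socket_getpeersec alone is responsible for checking len against the label size before writing to optval. As quoted, the hook receives only sock, optval and len, which gives it no visible way to report the size it needed; passing the user's length pointer as well and documenting the short-buffer return value would let a caller retry with a large enough buffer instead of acting on a truncated label.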
This archive was generated by hypermail 2b30 : Fri Dec 12 2003 - 16:17:46 PST