On Tue, 2004-05-18 at 22:26, Yuan Chunyang wrote: > Now what I did is adding new patch in my source tree of 2.6.4. > clone_tcp_sk is added into tcp_create_openreq_child function. > Maybe it is not a good way . But it's working now :) Yes, clone_tcp_sk should replace the memcpy of the sk so that the security field is not clobbered and aliased. > Could you tell me the address of bk tree of 2.6.4 ? If you mean the lsm-2.6 bk tree, then it is lsm.bkbits.net/lsm-2.6. But I'd recommend just working off the mainline kernel, e.g. linux.bkbits.net/linux-2.5 or grab 2.6.6 from kernel.org. > Why does mainline kernel not accept the network part of lsm in 2.6 ? For efficiency or else ? There were concerns about maintainability and proper abstraction, as well as a belief that NetFilter already supports much of what is needed. -- Stephen Smalley <sds@private> National Security Agency
This archive was generated by hypermail 2b30 : Wed May 19 2004 - 05:30:14 PDT