[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87k4e6n929.fsf@synack.fr>
Date: Wed, 04 May 2011 10:50:38 +0200
From: Samir Bellabes <sam@...ack.fr>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: paul.moore@...com, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org, hadi@...erus.ca, kaber@...sh.net,
zbr@...emap.net, root@...aldomain.pl
Subject: Re: [RFC v3 02/10] Revert "lsm: Remove the socket_post_accept() hook"
Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes:
> Paul Moore wrote:
>> On Tuesday, May 03, 2011 10:24:15 AM Samir Bellabes wrote:
>> > snet needs to reintroduce this hook, as it was designed to be: a hook for
>> > updating security informations on objects.
>>
>> Looking at this and 5/10 again, it seems that you should be able to do what
>> you need with the sock_graft() hook. Am I missing something?
>>
>> My apologies if we've already discussed this approach previously ...
>
> Third problem (though independent with security_sock_graft()) is that
> snet_do_send_event() ignores snet_nl_send_event() failure.
using snet_do_send_event() means that system is sending data to
userspace. the system is not waiting for a verdict from userspace.
If error occurs, we actually loose the information data.
I may be able to write a solution which try to send the data again, but
we need a exit solution for this loop (a number of try ?).
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists