From: "Venkat Yekkirala" <vyekkirala@TrustedCS.com>
To: "Venkat Yekkirala" <vyekkirala@tcsfw4.tcs-sec.com>,
<selinux@tycho.nsa.gov>
Cc: <jmorris@namei.org>, <sds@tycho.nsa.gov>
Subject: RE: Labeling traffic over loopback
Date: Tue, 12 Dec 2006 10:03:17 -0600
Message-ID: <000b01c71e07$0a1c9c40$cc0a010a@tcssec.com>

In thinking more about this, we shouldn't actually need to use
the single bit in skbuff. We should just be able to use the
variable that denotes if xfrm over loopback is in use. Any time
xfrm over loopback isn't in use (the default), we could use sp
to hold the secid.
> -----Original Message-----
> From: Venkat Yekkirala [mailto:vyekkirala@trustedcs.com]
> Sent: Tuesday, December 12, 2006 10:01 AM
> To: 'selinux@tycho.nsa.gov'
> Cc: 'jmorris@namei.org'; 'sds@tycho.nsa.gov'
> Subject: Labeling traffic over loopback
>
>
> The following describes a proposal to label traffic over loopback
> by using a bit in the sk_buff structure. We have:
>
> struct sk_buff {
> 	...
> 	struct sec_path	*sp;
> 	...
> 	__u8		pkt_type:3,
> 			fclone:2,
> 			ipvs_property:1;
> 	...
> }
>
> We could use an additional bit (local_label) to denote that
> "sp" holds the source label sid (no blob, so no lifecycle mgmt).
>
> What do people think?
>