From: Dan Smith <danms@us.ibm.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Oren Laadan <orenl@cs.columbia.edu>,
	containers@lists.osdl.org, netdev@vger.kernel.org,
	Alexey Dobriyan <adobriyan@gmail.com>
Subject: Re: [PATCH 1/2] c/r: Add AF_UNIX support (v5)
Date: Wed, 08 Jul 2009 12:27:20 -0700
Message-ID: <87y6qzou07.fsf@caffeine.danplanet.com>
In-Reply-To: <20090708140152.GC10787@us.ibm.com> (Serge E. Hallyn's message of "Wed\, 8 Jul 2009 09\:01\:52 -0500")

SH> That also caused you to skip a bunch of security_* calls (at the
SH> least here, at the recv equivalent, do_sock_getname, and at your
SH> bind at restore).

SH> I don't think simply inserting them here is the right thing to do,
SH> bc then as the main code changes this code is likely to fall out
SH> of sync.  So like Oren says, I think you need to do more re-use of
SH> the common code.  For the bind() case, for instance, write a
SH> common helper used by both sys_bind() and your restart bind, which
SH> does the security check and then calls sock->ops->bind().  It
SH> makes your patchset a bit more intrusive, but easier to maintain.

Does it make sense to modify kern_bind() (and friends) to make the
security_*() calls and then make sys_bind() and my restore code use
kern_bind()?  I don't know enough about the security stuff to know if
the other uses of kern_bind() in the kernel would trip up if the
checks are done there...

-- 
Dan Smith
IBM Linux Technology Center
email: danms@us.ibm.com
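
The shared-helper approach suggested in the quoted review, as an added user-space C model (not code from the patch or from the kernel): the security check and the protocol bind sit in one helper that both the syscall path and the restore path call, next to a restore path that calls the bind operation directly. All type and function names here (`sock_model`, `checked_bind`, the `model_*` functions) and the `/restricted/` policy are hypothetical.

```c
/* User-space model; every name below is a hypothetical stand-in, not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

struct sock_model;
struct sock_ops { int (*bind)(struct sock_model *s, const char *path); };
struct sock_model { const struct sock_ops *ops; char bound[64]; };

/* Constructed policy standing in for the security_*() hook discussed in
 * the thread: deny any bind under /restricted/. */
static int model_security_bind(struct sock_model *s, const char *path)
{
    (void)s;
    return strncmp(path, "/restricted/", 12) == 0 ? -EACCES : 0;
}

/* Stand-in for the protocol's own bind operation (sock->ops->bind). */
static int unix_bind_model(struct sock_model *s, const char *path)
{
    if (strlen(path) >= sizeof(s->bound))
        return -EINVAL;
    strcpy(s->bound, path);
    return 0;
}

static const struct sock_ops unix_ops_model = { .bind = unix_bind_model };

/* Shared helper: the check and the protocol bind always travel together. */
int checked_bind(struct sock_model *s, const char *path)
{
    int err = model_security_bind(s, path);
    if (err)
        return err;
    return s->ops->bind(s, path);
}

/* Syscall-style entry point and restore entry point both use the helper. */
int model_sys_bind(struct sock_model *s, const char *path) { return checked_bind(s, path); }
int model_restore_bind(struct sock_model *s, const char *path) { return checked_bind(s, path); }

/* The pattern raised in review: restore calls ops->bind directly, so the check never runs. */
int model_restore_bind_unchecked(struct sock_model *s, const char *path)
{
    return s->ops->bind(s, path);
}

/* Runs one bind attempt on a fresh model socket and returns its result. */
int try_bind(int (*fn)(struct sock_model *, const char *), const char *path)
{
    struct sock_model s = { .ops = &unix_ops_model, .bound = "" };
    return fn(&s, path);
}
```

Because the check lives only in `checked_bind()`, a later change to the policy hook reaches the restore path without any edit to the restore code.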
