From: Andy King <acking@vmware.com>
To: Paul Moore <pmoore@redhat.com>
Cc: netdev@vger.kernel.org, linux-security-module@vger.kernel.org,
selinux@tycho.nsa.gov, Gerd Hoffmann <kraxel@redhat.com>,
Eric Paris <eparis@redhat.com>
Subject: Re: AF_VSOCK and the LSMs
Date: Fri, 22 Feb 2013 14:54:43 -0800 (PST) [thread overview]
Message-ID: <888679886.3769933.1361573683299.JavaMail.root@vmware.com> (raw)
In-Reply-To: <1803195.0cVPJuGAEx@sifl>
Hi Paul,
> to see if anyone had any strong feelings on this approach (either good or
> bad). Here is what I am proposing, and currently working on ...
>
> * Add a LSM secid/blob to the vmci_datagram struct
I think perhaps this is the wrong layer at which to embed this. Think
of that structure as an ethernet header, with VMCI being ethernet; it's
what the device (and the hypervisor and peer) understand. So this
really cannot be changed.
It's also not entirely clear to me how this will work in a heterogeneous
environments. What if there's a Linux guest running on a Windows host,
or vice-versa?
I'll take a closer read at the rest of your mail, but I think we need to
address the above first.
Thanks!
- Andy
next prev parent reply other threads:[~2013-02-22 22:54 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-22 22:33 AF_VSOCK and the LSMs Paul Moore
2013-02-22 22:33 ` Paul Moore
2013-02-22 22:54 ` Andy King [this message]
2013-02-23 0:27 ` Paul Moore
2013-02-23 0:27 ` Paul Moore
2013-02-25 7:29 ` Gerd Hoffmann
2013-02-25 15:06 ` Paul Moore
2013-02-25 15:06 ` Paul Moore
2013-02-22 23:00 ` Casey Schaufler
2013-02-22 23:00 ` Casey Schaufler
2013-02-23 0:45 ` Paul Moore
2013-02-23 0:45 ` Paul Moore
2013-02-23 23:43 ` Casey Schaufler
2013-02-23 23:43 ` Casey Schaufler
2013-02-25 16:55 ` Paul Moore
2013-02-25 16:55 ` Paul Moore
2013-02-25 18:02 ` Casey Schaufler
2013-02-25 18:02 ` Casey Schaufler
2013-02-25 21:05 ` Paul Moore
2013-02-25 21:05 ` Paul Moore
2013-02-25 23:06 ` Casey Schaufler
2013-02-25 23:06 ` Casey Schaufler
2013-02-26 21:21 ` LSM stacking and the network access controls (was: AF_VSOCK and the LSMs) Paul Moore
2013-02-26 21:21 ` Paul Moore
2013-02-26 23:12 ` LSM stacking and the network access controls Casey Schaufler
2013-02-26 23:12 ` Casey Schaufler
2013-02-27 16:43 ` Paul Moore
2013-02-27 16:43 ` Paul Moore
2013-02-27 16:51 ` Casey Schaufler
2013-02-27 16:51 ` Casey Schaufler
2013-02-27 17:31 ` Paul Moore
2013-02-27 17:31 ` Paul Moore
2013-02-27 17:40 ` Casey Schaufler
2013-02-27 17:40 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=888679886.3769933.1361573683299.JavaMail.root@vmware.com \
--to=acking@vmware.com \
--cc=eparis@redhat.com \
--cc=kraxel@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pmoore@redhat.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.