netdev.vger.kernel.org archive mirror
From: Paul Moore <paul.moore@hp.com>
To: James Morris <jmorris@namei.org>
Cc: vyekkirala@TrustedCS.com, netdev@vger.kernel.org,
	selinux@tycho.nsa.gov, sds@tycho.nsa.gov
Subject: Re: [PATCH 2/3] mlsxfrm: Various fixes
Date: Thu, 09 Nov 2006 12:26:33 -0500
Message-ID: <455364C9.6000701@hp.com>
In-Reply-To: <XMMS.LNX.4.64.0611090158550.11301@d.namei>

James Morris wrote:
> On Thu, 9 Nov 2006, Paul Moore wrote:
> 
>>It sounds like you have an idea of how you would like to see this implemented,
>>can you give me a rough outline?  Is this the partitioned SECMARK field you
>>talked about earlier?
> 
> No, just the fact that you are in the same kernel address space and can 
> readily access the security context of the peer.

For a minute I got all excited thinking that you had found a solution to this :)

The problem I keep running into is that it is not obvious to me how we can
determine the security context of the sending socket on the receive side by
looking at the skb.  I'm really hoping that it is just because I haven't looked
at the code long enough, or thought about it hard enough.  It is just so
frustrating because you are right - all the information is there, I just don't
know how to get to it when we need it without using external labeling.

-- 
paul moore
linux security @ hp
