Thank you for the valuable comments. I have incorporated a good number in the updated patch:
http://www.schaufler-ca.com/data/smack-0716A-patch.tar Change summary: - Sockets now have their own security blobs rather than pointing to the blob of the task that created them. Thank you Stephen. - The smackfs task interfaces ipscheme, ipin, ipout, and packet have been deleted. - Socket xattrs SMACK64IPIN, SMACK64IPOUT, SMACK64PACKET are now supported and can be read using fxattrget(). The first two can be set with fxattrset(). - Use secattr constants instead of 0. Thank you Paul. - Cleaned out non-useful network scheme options. - Cleaned out #ifdefed code to do fd access checks the "wrong" way. Still to do based on comments: Audit, default domain, netlabel cacheing, smk_cipso_doi possible rework. More discussion on CIPSO abuse alternatives wouldn't be a bad notion. Thank you. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html