On Sunday, April 8 2007 6:45:54 am Tetsuo Handa wrote:
> I want to return error on security_socket_post_accept().

The problem is that there is no way to un-accept a connection, once you have accepted it. This was discussed in several threads on the SELinux and netdev mailing lists last year as we grappled with the correct way to label child sockets generated by an accept() call. I understand what you want to do (I wanted the same thing), but it's just not practical; security_socket_post_accept() will most likely always be an "advisory" hook.

I would encourage you to look at the hooks that were added in the 2.6.(18 or 19, can't remember off the top of my head right now) timeframe which allow the LSM to better control/label the sockets during the TCP handshake; this may allow you to do what you want.

-- 
paul moore
linux security @ hp
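As an added illustration of the point above (not code from the thread): the kernel finishes the TCP three-way handshake when the SYN arrives, before the server ever calls accept(), so a post-accept hook only ever sees a connection the peer already considers established; the handshake-time hooks the reply refers to (for example inet_conn_request, a name assumed here since the message does not spell it out) run before that. The program below checks this from user space on a loopback socket with an ephemeral port.

```c
/* Added example: a blocking connect() to a listening socket completes even
 * though the listener never calls accept(). The queued connection is fully
 * established from the peer's point of view, which is why nothing after
 * accept() can "un-accept" it; the only option left is to close it. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if the client's connect() completed while the server had not
 * yet called accept(), 0 on any socket error. */
int connect_completes_before_accept(void)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int srv, cli, rc = 0;

    srv = socket(AF_INET, SOCK_STREAM, 0);
    if (srv < 0)
        return 0;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                       /* kernel picks a free port */
    if (bind(srv, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(srv, 1) < 0 ||
        getsockname(srv, (struct sockaddr *)&addr, &len) < 0)
        goto out_srv;

    cli = socket(AF_INET, SOCK_STREAM, 0);
    if (cli < 0)
        goto out_srv;
    /* connect() returns only once the handshake is done. No accept() has
     * been issued: the kernel answered the SYN on its own, which is the
     * window a handshake-time LSM hook covers and the post-accept hook
     * cannot. */
    if (connect(cli, (struct sockaddr *)&addr, sizeof(addr)) == 0)
        rc = 1;
    close(cli);
out_srv:
    close(srv);
    return rc;
}

int main(void)
{
    printf("handshake completed before accept(): %s\n",
           connect_completes_before_accept() ? "yes" : "no");
    return 0;
}
```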
