On Sun, 2007-04-08 at 19:45 +0900, Tetsuo Handa wrote:
> Hello.
>
> Hao Xu wrote:
> > If the purpose of the LSM framework is not just satisfying selinux, then
> I also want LSM framework add some hooks.
>
> The problems are at accept() and recvmsg() operation.
> I want to return error on security_socket_post_accept().
> I want a new hook security_socket_post_recvmsg() that are called AFTER
> sock_recvmsg() is called.
> http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/net/socket.c#L640
> http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/net/socket.c#L1404

It doesn't do any good to return an error _after_ the new connection has
been set up or the data transfer has already happened. Userspace already
has what it needs and another thread can already begin using it _before_
you take any action in those post hooks.

--
Stephen Smalley
National Security Agency
