From: [EMAIL PROTECTED] Date: Mon, 17 Jul 2006 11:52:26 -0400 > @@ -617,6 +618,8 @@ int inet_accept(struct socket *sock, str > > sock_graft(sk2, newsock); > > + netlbl_socket_inet_accept(sock, newsock); > + > newsock->state = SS_CONNECTED; > err = 0; > release_sock(sk2);
This is the only true wart I see in the patch set from my perspective.

You have security_post_accept_hook(), which gets the parent and the child socket which is all the information you need, and it seems to be invoked at the correct location.

So can you please hook into this location using the security level hook we already have? Just check sock->sk->sk_family is PF_INET at the top of that hook if you only want to handle ipv4 sockets, or something like that.

Could this work? When preparing an argument stating why this won't work, please suggest a nicer name for this af_inet.c hook or some way to make it more generic and palatable to us.

Thanks.

> - case 0x86: /* Another "Commercial Security" crap. */ > + case IPOPT_CIPSO:

I am sad to see this comment disappear :-)
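Review bot: in the inet_accept hunk, netlbl_socket_inet_accept(sock, newsock) is called with its result discarded and err = 0 is set unconditionally two lines later, so if propagating the label to the new socket can fail, the accept still reports success. Either have the call return an error that is checked before newsock->state = SS_CONNECTED, or state in a comment that it cannot fail. The call also sits before release_sock(sk2), so it runs with the child socket locked; a comment spelling out that locking expectation would help whoever implements or later changes the callee.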
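Review bot: at the case IPOPT_CIPSO label, the definition of the constant is not visible in this hunk; confirm it evaluates to 0x86 so the option parser's behaviour is unchanged by the rename. The old comment was the only description at this case, so a one-line neutral comment saying what the option is would keep the switch readable.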