On Thursday 24 August 2006 08:42, Stephen Smalley wrote:
> At present, we don't have a parallel libselinux function for the
> SCM_SECURITY support for datagrams; not sure exactly what form that
> would take or whether it would be useful.

After looking into UDP packets, I found this documentation:

"With UDP, each read/write can have different peer and thus the security context might change every time. As a result the security context retrieval must be done TOGETHER with the packet retrieval."

If this is true, it means that xinetd cannot do anything for UDP services, since reading the socket is something done by the service and not xinetd. So, I think setting the LABELED flag on a UDP service should result in an error to warn the admin that xinetd cannot honor their config.

This also brings up another corner case: tcp wait services. In this configuration, the accept is done by the service. I think that xinetd should issue an error in this case as well to warn the admin that it cannot possibly honor this configuration either.

Comments?

-Steve

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
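To make the quoted point concrete, here is an added example (my own illustration, not code from xinetd, libselinux, or either poster): a UDP receiver that enables IP_PASSSEC and pulls the peer's SCM_SECURITY label out of the same recvmsg() call that returns the datagram. Because the label rides in the ancillary data of that one call, only the process that performs the recvmsg() (the service, not xinetd) can ever see it. The fallback values for SCM_SECURITY and IP_PASSSEC are assumed from the Linux headers in case the system headers do not export them, and the "system_u:..." label used to build the test control buffer is constructed, not captured from a real socket. On a kernel without SELinux the cmsg simply does not arrive and the context comes back empty.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#ifndef SCM_SECURITY
#define SCM_SECURITY 0x03   /* assumed: value from <linux/socket.h> */
#endif
#ifndef IP_PASSSEC
#define IP_PASSSEC 18       /* assumed: value from <linux/in.h> */
#endif

/* Copy the SCM_SECURITY label out of an already-received msghdr.
 * Returns 1 if a label was present, 0 if not (ctx is then "").
 * The kernel does not NUL-terminate the label, so we do it here. */
int extract_scm_security(struct msghdr *msg, char *ctx, size_t ctxlen)
{
    struct cmsghdr *c;
    ctx[0] = '\0';
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == SOL_IP && c->cmsg_type == SCM_SECURITY) {
            size_t len = c->cmsg_len - CMSG_LEN(0);
            if (len >= ctxlen)
                len = ctxlen - 1;           /* truncate rather than overflow */
            memcpy(ctx, CMSG_DATA(c), len);
            ctx[len] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Receive one datagram and its peer label in a single recvmsg().
 * Returns the payload length, or -1 on error. This is the step the
 * service owns: there is no way to get the label without the packet. */
ssize_t recv_with_label(int fd, void *buf, size_t buflen,
                        struct sockaddr_in *peer, char *ctx, size_t ctxlen)
{
    char cbuf[256];
    struct iovec iov = { buf, buflen };
    struct msghdr msg;
    ssize_t n;

    memset(&msg, 0, sizeof msg);
    msg.msg_name = peer;
    msg.msg_namelen = sizeof *peer;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;

    n = recvmsg(fd, &msg, 0);
    if (n >= 0)
        extract_scm_security(&msg, ctx, ctxlen);
    return n;
}

/* Build a control buffer shaped like the one the kernel hands back
 * (constructed test input, not captured traffic). Returns bytes used. */
size_t build_fake_control(char *cbuf, size_t cbuflen, const char *label)
{
    struct msghdr m;
    struct cmsghdr *c;
    size_t n = strlen(label);

    if (cbuflen < CMSG_SPACE(n))
        return 0;
    memset(&m, 0, sizeof m);
    m.msg_control = cbuf;
    m.msg_controllen = cbuflen;
    c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_IP;
    c->cmsg_type = SCM_SECURITY;
    c->cmsg_len = CMSG_LEN(n);
    memcpy(CMSG_DATA(c), label, n);
    return CMSG_SPACE(n);
}

/* Drive the parser over a constructed control buffer carrying `label`. */
int parse_label_from_fake(const char *label, char *ctx, size_t ctxlen)
{
    char cbuf[256];
    struct msghdr m;

    memset(&m, 0, sizeof m);
    m.msg_control = cbuf;
    m.msg_controllen = build_fake_control(cbuf, sizeof cbuf, label);
    return extract_scm_security(&m, ctx, ctxlen);
}

int main(void)
{
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    int one = 1;
    struct sockaddr_in addr, peer;
    socklen_t alen = sizeof addr;
    char buf[64], ctx[256];
    ssize_t n;

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    bind(rx, (struct sockaddr *)&addr, sizeof addr);   /* ephemeral port */
    getsockname(rx, (struct sockaddr *)&addr, &alen);
    /* Ask for SCM_SECURITY; fails harmlessly on kernels without it. */
    if (setsockopt(rx, SOL_IP, IP_PASSSEC, &one, sizeof one) < 0)
        perror("IP_PASSSEC");

    sendto(tx, "hello", 5, 0, (struct sockaddr *)&addr, sizeof addr);
    n = recv_with_label(rx, buf, sizeof buf, &peer, ctx, sizeof ctx);
    printf("got %zd bytes from port %u, peer context: %s\n",
           n, ntohs(peer.sin_port), ctx[0] ? ctx : "(none)");
    close(rx);
    close(tx);
    return 0;
}
```

Note that both the payload and the label are consumed by the single recvmsg(); a superserver that only opened the socket and handed it to the child never gets a look at either, which is why flagging such a configuration as an error is the honest option.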
