Venkat Yekkirala wrote:
This defines SELinux enforcement of the 2 new LSM hooks as well
as related changes elsewhere in the SELinux code.
This also now keeps track of the peersid thru the establishment
of a connection on the server (tracking peersid on the client
is covered later in this
On Mon, 2006-10-02 at 12:12 -0400, Paul Moore wrote:
Venkat Yekkirala wrote:
This defines SELinux enforcement of the 2 new LSM hooks as well
as related changes elsewhere in the SELinux code.
This also now keeps track of the peersid thru the establishment
of a connection on the server
On Mon, 2 Oct 2006, Stephen Smalley wrote:
It appears that selinux_xfrm_decode_session() can only legitimately
return an error if the last argument (ckall) is non-zero.
security_skb_classify_flow() was doing the same thing prior to this
patch series. It would be clearer if there were two
Stephen Smalley wrote:
On Mon, 2006-10-02 at 12:12 -0400, Paul Moore wrote:
Venkat Yekkirala wrote:
This defines SELinux enforcement of the 2 new LSM hooks as well
as related changes elsewhere in the SELinux code.
This also now keeps track of the peersid thru the establishment
of a connection
My immediate concern is not really what selinux_xfrm_decode_session()
returns, but how to handle it, or rather errors in general, in
selinux_skb_flow_in(). I'm in the process of creating a patch to add
the missing NetLabel support to the secid patches and I am
wondering if
I should
Venkat Yekkirala wrote:
My immediate concern is not really what selinux_xfrm_decode_session()
returns, but how to handle it, or rather errors in general, in
selinux_skb_flow_in(). I'm in the process of creating a patch to add
the missing NetLabel support to the secid patches and I am
wondering
This defines SELinux enforcement of the 2 new LSM hooks as well
as related changes elsewhere in the SELinux code.
This also now keeps track of the peersid thru the establishment
of a connection on the server (tracking peersid on the client
is covered later in this patch set).
Signed-off-by: