Hello.

SD wrote:
> Why is it difficult to filter IP requests on kernels higher than 2.6.30?
> I am quite happy that TOMOYO 1.6.8 can filter network requests.
> Why can't we do the same on kernels after 2.6.30?

TOMOYO filters network requests based on TOMOYO's domainname which the process calling socket()/bind()/listen()/connect()/sendmsg()/accept()/recvmsg() belongs to rather than the process that called socket() belongs to.

However, LSM hooks for filtering incoming requests at dequeue time (accept() and recvmsg()) based on TOMOYO's domainname which the receiver process belongs to are missing. LSM hooks for filtering _before_ dequeue time (security_socket_accept() and security_socket_recvmsg()) are provided, but I won't use them because they are racy and trigger an almost-denial-of-service state by spending CPU resources for accept() and recvmsg() calls which won't succeed. I want to use LSM hooks for filtering _after_ dequeue time (security_socket_post_accept() and security_socket_post_recvmsg()).

Regarding security_socket_post_accept(), it will be acceptable for mainline because "snet: Security for NETwork syscalls" is proposing it and I hear no objections regarding it.

Regarding security_socket_post_recvmsg(), I have to propose it. TOMOYO 1.x is doing it in a way which is not acceptable for mainline. Proposing it in a way which is acceptable for mainline is on my to-do list. But I'm planning to complete file access restrictions before adding network access restrictions.

Regards.

_______________________________________________
tomoyo-users-en mailing list
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
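
The difference between checking before and after dequeue, as an added userspace model that is not part of the original message and is neither kernel nor TOMOYO code. It assumes a hypothetical policy that allows only sender 1, and reads "racy" as a second thread taking the checked datagram and the CPU cost as a denied datagram that stays at the head of the queue; all names are invented for the illustration.

```c
#include <stdio.h>

/* Toy receive queue: each entry is the sender id of one queued datagram. */
#define QMAX 8
struct queue { int src[QMAX]; int head, tail; };

static int allowed(int src) { return src == 1; }   /* assumed policy */
static void enqueue(struct queue *q, int src) { q->src[q->tail++] = src; }
static int peek(const struct queue *q) { return q->head < q->tail ? q->src[q->head] : -1; }
static int dequeue(struct queue *q) { return q->head < q->tail ? q->src[q->head++] : -1; }

/* Check BEFORE dequeue: the decision is made on the head of the queue, then a
 * datagram is taken. `racer` models another thread on the same socket that
 * dequeues between the check and the take. Returns the sender delivered, or -1. */
static int recv_pre(struct queue *q, int racer) {
    if (!allowed(peek(q)))
        return -1;              /* denied datagram stays queued */
    if (racer)
        dequeue(q);             /* the other thread takes the checked datagram */
    return dequeue(q);          /* what is delivered was never checked */
}

/* Check AFTER dequeue: the decision is made on the datagram actually taken,
 * and a denied datagram is dropped instead of blocking the queue. */
static int recv_post(struct queue *q) {
    int src = dequeue(q);
    return allowed(src) ? src : -1;
}

/* Queue holds [2, 1]. Count failed receive calls until sender 1 is delivered. */
static int failed_calls(int use_post, int limit) {
    struct queue q = {{0}, 0, 0};
    int fails = 0;
    enqueue(&q, 2); enqueue(&q, 1);
    while (fails < limit && (use_post ? recv_post(&q) : recv_pre(&q, 0)) != 1)
        fails++;
    return fails;
}

/* Queue holds [1, 2]; the check passes on 1 but the racer leaves 2 to deliver. */
static int race_delivers(void) {
    struct queue q = {{0}, 0, 0};
    enqueue(&q, 1); enqueue(&q, 2);
    return recv_pre(&q, 1);
}

int main(void) {
    printf("pre-dequeue failed calls:  %d\n", failed_calls(0, 1000));
    printf("post-dequeue failed calls: %d\n", failed_calls(1, 1000));
    printf("pre-dequeue race delivers sender %d\n", race_delivers());
    return 0;
}
```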
