On 2004-05-08 at 22:00, James Morris wrote:
> Under SELinux, and potentially other LSMs, we need
> to be able to distinguish between user sockets and
> kernel sockets. For SELinux specifically, kernel
> sockets need to be specially labeled during
> creation, then bypass access control checks (they
> are controlled by the kernel itself and not subject
> to SELinux mediation).
Do both user sockets and kernel sockets have a socket
structure and a corresponding sock structure (i.e. a
BSD socket and a INET socket) with them?
In 8.1.1 of "Integrating Flexible Support for Security
Policies into the Linux Operating System", It says:
"The Linux network component creates two special
purpose sockets for use by the AF_INET protocol
family. The tcp socket is used to send resets when a
TCP packet is rejected, since there may be no local
socket corresponding to the packet. The icmp socket is
used to send ICMP messages.Two initial SIDs were
defined for these sockets, with the corresponding
security context determined by the security server."
Does the "local socket" here refer to the "user
socket" as you mentioned above?
Thank you very much.
=====
Best Regards,
Park Lee
__________________________________
Do you Yahoo!?
Yahoo! Sports - Sign up for Fantasy Baseball.
http://baseball.fantasysports.yahoo.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
