On Tue, May 30, 2006 at 10:18:32AM -0400, James Morris ([EMAIL PROTECTED]) wrote:
> > And, btw, what is the purpose of controlling netlink messages?
> > Does it prevent malicious userspace application to receive events from
> > malicious kernel module?
>
> It provides control over which types of applications can send and receive
> different types of Netlink messages. e.g. you can specify that Apache can
> read the routing table but not write to it.

Apache still can set up routes using ioctl or execve("ip route add/route add");
Anyway, you can easily add an LSM hook into both sending/receiving paths in connector code, it fully controls the traffic before it reaches the socket queue or the user's callback.

> - James
> --
> James Morris
> <[EMAIL PROTECTED]>

--
Evgeniy Polyakov