James Morris wrote:
> On Thu, 9 Nov 2006, Paul Moore wrote:
>
>>It sounds like you have an idea of how you would like to see this implemented,
>>can you give me a rough outline? Is this the partitioned SECMARK field you
>>talked about earlier?
>
> No, just the fact that you are in the same kernel address space and can
> readily access the security context of the peer.

For a minute I got all excited thinking that you had found a solution to this :)

The problem I keep running into is that it is not obvious to me how we can determine the security context of the sending socket on the receive side by looking at the skb. I'm really hoping that it is just because I haven't looked at the code long enough, or thought about it hard enough. It is just so frustrating because you are right - all the information is there, I just don't know how to get to it when we need it without using external labeling.

--
paul moore
linux security @ hp