Re: 2.6.16-rc6-mm1

From: James Morris
Date: Sun Mar 12 2006 - 22:16:15 EST


On Sun, 12 Mar 2006, Andrew Morton wrote:

> Author: Catherine Zhang <cxzhang@xxxxxxxxxxxxxx>
> Date: Fri Mar 10 00:34:15 2006 -0800
>
> [SECURITY]: TCP/UDP getpeersec
>
> This patch implements an application of the LSM-IPSec networking
> controls whereby an application can determine the label of the
> security association its TCP or UDP sockets are currently connected to
> via getsockopt and the auxiliary data mechanism of recvmsg.
>
> Which I am sure is very good.

Think of it as an extension of the existing Linux SO_PASSCRED for Unix
sockets, which currently allow you to authenticate the uid/gid/pid of a
local peer process with which you are communicating. But now extended to
other security information such as an SELinux security context, and for
non-local processes, protected and authenticated via IPsec.



- James
--
James Morris
<jmorris@xxxxxxxxxx>
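
The existing Unix-socket mechanism the reply compares the patch to, shown as an added example that is not part of the original message or the patch: a receiver enables SO_PASSCRED and reads the kernel-attached pid/uid/gid from recvmsg ancillary data. The function names `recv_with_creds` and `demo_peer_creds` are hypothetical, and the socketpair inside one process is constructed so the example runs offline; it does not show the IPsec label retrieval the patch adds.

```c
#define _GNU_SOURCE           /* exposes struct ucred and SCM_CREDENTIALS */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Receive one message on fd and copy the sender credentials that the
 * kernel attached as ancillary data into *out. Returns 0 or -1. */
int recv_with_creds(int fd, struct ucred *out)
{
    char data[64];
    union { char buf[CMSG_SPACE(sizeof(struct ucred))]; struct cmsghdr align; } ctl;
    struct iovec iov = { .iov_base = data, .iov_len = sizeof(data) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };

    /* Treat truncated control data as failure: never trust partial creds. */
    if (recvmsg(fd, &msg, 0) < 0 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
            memcpy(out, CMSG_DATA(c), sizeof(*out));
            return 0;
        }
    }
    return -1;                /* no credentials attached */
}

/* Constructed demo: both ends live in this process, so the peer is us. */
int demo_peer_creds(struct ucred *out)
{
    int sv[2], on = 1, rc = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    /* Enable on the receiving socket before the peer sends. */
    if (setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) == 0 &&
        send(sv[0], "hi", 2, 0) == 2)
        rc = recv_with_creds(sv[1], out);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    struct ucred c;
    if (demo_peer_creds(&c) != 0) { perror("demo_peer_creds"); return 1; }
    printf("peer pid=%d uid=%d gid=%d\n", (int)c.pid, (int)c.uid, (int)c.gid);
    return 0;
}
```

The values come from the kernel rather than from the message payload, which is what makes them usable for authenticating a local peer.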

