Re: [PATCH] fix up security_socket_getpeersec_* documentation

From: Xiaolan Zhang
Date: Mon Apr 03 2006 - 16:17:37 EST

Next message: Dimitri Sivanich: "[PATCH 2/2] dynamic configuration for remote rcu callback processing"
Previous message: Roman Zippel: "Re: [PATCH 0/5] clocksource patches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Acked-by: Catherine Zhang <cxzhang@xxxxxxxxxxxxxx>

Catherine

serue@xxxxxxxxxxxxxxxxxxxxxxx wrote on 03/28/2006 08:02:53 AM:

> Update the security_socket_peersec documentation in
> include/linux/security.h. security_socket_peersec has been split
> into two functions - _stream and _dgram, with new capabilities.
>
> Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx>
>
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -782,9 +782,11 @@ struct swap_info_struct;
> * incoming sk_buff @skb has been associated with a particular
socket, @sk.
> * @sk contains the sock (not socket) associated with the incoming
sk_buff.
> * @skb contains the incoming network data.
> - * @socket_getpeersec:
> + * @socket_getpeersec_stream:
> * This hook allows the security module to provide peer socket
security
> - * state to userspace via getsockopt SO_GETPEERSEC.
> + * state for unix or connected tcp sockets to userspace via
getsockopt
> + * SO_GETPEERSEC. For tcp sockets this can be meaningful if the
> + * socket is associated with an ipsec SA.
> * @sock is the local socket.
> * @optval userspace memory where the security state is to be copied.
> * @optlen userspace int where the module should copy the actual
length
> @@ -793,6 +795,17 @@ struct swap_info_struct;
> * by the caller.
> * Return 0 if all is well, otherwise, typical getsockopt return
> * values.
> + * @socket_getpeersec_dgram:
> + * This hook allows the security module to provide peer socket
security
> + * state for udp sockets on a per-packet basis to userspace via
> + * getsockopt SO_GETPEERSEC. The application must first have
indicated
> + * the IP_PASSSEC option via getsockopt. It can then retrieve the
> + * security state returned by this hook for a packet via the
SCM_SECURITY
> + * ancillary message type.
> + * @skb is the skbuff for the packet being queried
> + * @secdata is a pointer to a buffer in which to copy the security
data
> + * @seclen is the maximum length for @secdata
> + * Return 0 on success, error on failure.
> * @sk_alloc_security:
> * Allocate and attach a security structure to the
> sk->sk_security field,
> * which is used to copy security attributes between local
> stream sockets.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dimitri Sivanich: "[PATCH 2/2] dynamic configuration for remote rcu callback processing"
Previous message: Roman Zippel: "Re: [PATCH 0/5] clocksource patches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]