Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

From: Kyle Moffett
Date: Tue Sep 04 2007 - 10:14:36 EST

Next message: Bernhard Walle: "[PATCH] Update version information of ips driver"
Previous message: Tetsuo Handa: "Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux."
In reply to: Tetsuo Handa: "Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux."
Next in thread: Paul Moore: "Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sep 04, 2007, at 10:02:46, Tetsuo Handa wrote:

Hmm, I can't understand why I have to perform access control at "enqueue" time.

What I want to do is
allow process1 receive UDP packets from 10.0.0.1 port 1024
allow process2 receive UDP packets from 10.0.0.2 port 2048
when there is no guarantee that process1 and process2 are not sharing a socket.

If there is guarantee that process1 and process2 are not sharing a socket,
I can do it using netfilter.

Well, we used to be able to do that with netfilter but it had the same unfixable race conditions that you are presently running into and so such support was dropped by the netfilter folks. I suspect if you CC'ed netdev@xxxxxxxxxxxxxxx you would get some very precise reasons why such filtering doesn't work.

Cheers,
Kyle Moffett

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernhard Walle: "[PATCH] Update version information of ips driver"
Previous message: Tetsuo Handa: "Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux."
In reply to: Tetsuo Handa: "Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux."
Next in thread: Paul Moore: "Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]