Thank you for your comment.

I have a question regarding netfilter infrastructure.

I want to filter messages using "task_struct->security".
Can netfilter's queuing-to-userspace feature
get a list of the "struct task_struct"s that share a socket
that is going to receive incoming messages?

My approach is not "is this socket allowed to receive from xxx.xxx.xxx.xxx port yy"
but "is this process allowed to receive from xxx.xxx.xxx.xxx port yy".
So, my approach is not using security context associated with a socket
but security context associated with a process.

If I can't use netfilter, there is no chance to filter before enqueuing
messages. So, I think propagating errors to the local user
after dequeuing messages is the only possible way.

Regards.
-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
