* James Morris <[EMAIL PROTECTED]> 2006-05-27 13:21 > Actually, a possible solution here is to completely remove all internal > knowledge of netlink messages from SELinux and have the netfilter > framework and protocols provide methods to determine message types and > permissions.
Right, regarding generic netlink we can extend struct genl_ops to include a policy stating what permissions are required. Besides that we can extend struct nla_policy to support validating of attributes. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
