Venkat Yekkirala wrote:
>>>+static int selinux_skb_policy_check(struct sk_buff *skb, >> >>unsigned short >> >>>family) +{ >>>+ u32 xfrm_sid, trans_sid; >>>+ int err; >>>+ >>>+ if (selinux_compat_net) >>>+ return 1; >>>+ >>>+ err = selinux_xfrm_decode_session(skb, &xfrm_sid, 0); >>>+ BUG_ON(err);
>>
>>First, any reason against including the "struct sock *" in the LSM hook? At a
>>quick glance it looks like it is available at each place
>>security_skb_policy_check() is invoked? If there are no objections I would
>>like to see it included in the hook.
>
> There's no sock available (NULL) for forward, no-sock, time-wait cases, etc.

... which would be why I should have taken a closer look :)

> What are you trying to accomplish with the sock here anyway?

Actually this is no longer an issue because of something else - you can ignore this now.

--
paul moore
linux security @ hp
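
Review bot: In the quoted selinux_skb_policy_check() hunk, BUG_ON(err) directly after selinux_xfrm_decode_session(skb, &xfrm_sid, 0) turns any nonzero return into a kernel crash on a path that handles packets. Unless the call is guaranteed to return 0 with that last argument (in which case a comment saying so would help), return a deny to the caller instead of asserting. The early "if (selinux_compat_net) return 1;" also leaves the return convention implicit, so a short comment above the function stating what 1 means to callers of security_skb_policy_check() would make the hook easier to audit.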