James Morris wrote:
> On Wed, 8 Nov 2006, Paul Moore wrote:
>
>>1. Functionality is available right now, no additional kernel changes needed
>>2. No special handling for localhost, I tend to like the idea of having
>>consistent behavior for all addresses/interfaces
>
> I don't agree. SO_PEERSEC should always just work for loopback, just like
> with Unix sockets.

My main concern is that we would have "special" behavior for a single IP address and that this behavior wouldn't be subject to the same labeled networking configuration/management methods as the rest of the address space. Treating localhost like any other IP address seems consistent with the way we handle Unix sockets - we don't have any special handling depending on the path of the socket.

--
paul moore
linux security @ hp