On Jun 20, 2006, at 2:39 PM, Venkat Yekkirala wrote:
What you are saying makes sense. I will take a last look at
the code
tomorrow, and give OK (assuming optimism).
FYI- I have sent a revised set out to netdev and selinux for broader
exposure
pending your final review. Thanks.
I have a question: if the sock type does not match the policy type
(xfrm_lookup hook on output step (2)), can we send the packet?
It seems on output the socket and policy types must match, but this
is not the case on input (input step (3) checks socket access and
flow type is from sa). Nor was it the case in the original patch.
Output step (4) checks that the socket can send to the specific sa
type which is right.
The extra level of indirection provided by the flow makes things a
bit harder to follow, so I think that this should be made clear in
documentation somehow. I am not sure if people will be able to
maintain this notion easily later. My understanding is below.
On input:
(1) get flow label from sa via packet
(2) authorize flow label matches policy (xfrm_lookup hook)
(3) authorize socket access to sa label (rcv_skb)
On output:
(1) get flow label from socket (xfrm_lookup)
(2) authorize flow label matches policy (xfrm_lookup hook)
(3) authorize sa matches policy (state_pol_flow)
(4) authorize flow label can send to state (flow_state_match)
Regards,
Trent.
----------------------------------------------
Trent Jaeger, Associate Professor
Pennsylvania State University, CSE Dept
346A IST Bldg, University Park, PA 16802
Email: [EMAIL PROTECTED]
Ph: (814) 865-1042, Fax: (814) 865-3176
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
