Paul Moore wrote:
> Venkat Yekkirala wrote:
>>
>> Actually, if the incoming SYN can't be received by the listening
>> socket, the handshake should fail at that point in time (as enforced
>> in selinux_sock_rcv_skb). No child sock should be created. Have you
>> noticed a different behavior?
>
> I thought there was part of the initial handshake that would get skipped
> over by sock_rcv_skb() because either skb->sk_socket was NULL or the socket
> didn't have a SID assigned yet. If that isn't the case then I think Klaus is
> your new best friend :)
>
Ungh, forget what I said above; I was thinking of the behavior before the MLSXFRM patches went into the kernel.

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
