> >>Actually, if the incoming SYN can't be received by the listening
> >>socket, the handshake should fail at that point in time (as enforced
> >>in selinux_sock_rcv_skb). No child sock should be created. Have you
> >>noticed a different behavior?
> >
> > I thought there was part of the initial handshake that would get
> > skipped over by sock_rcv_skb() because either skb->sk_socket was NULL
> > or the socket didn't have a SID assigned yet. If that isn't the case
> > then I think Klaus is your new best friend :)
> >
>
> Ungh, forget what I said above; I was thinking of the behavior before
> the MLSXFRM patches went into the kernel.

It WAS the behavior before the MLSXFRM changes went in as well.

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
