Re: [RFC] Allow LSM to use IP address/port number.

2007-07-09 Thread David Miller
From: Tetsuo Handa <[EMAIL PROTECTED]> Date: Mon, 09 Jul 2007 14:33:01 +0900 > @@ -649,8 +660,16 @@ int sock_recvmsg(struct socket *sock, st > init_sync_kiocb(&iocb, NULL); > iocb.private = &siocb; > ret = __sock_recvmsg(&iocb, sock, msg, size, flags); > - if (-EIOCBQUEUED ==
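Review bot: the quoted hunk places the new check after `ret = __sock_recvmsg(&iocb, sock, msg, size, flags);`, that is, after the message has already been dequeued from the socket and handed toward userspace, so converting a successful return into an error at that point discards data the peer has already sent rather than refusing the operation; the hunk is cut off right at `- if (-EIOCBQUEUED ==`, so what the error path does with the already-consumed message, and how it interacts with the -EIOCBQUEUED / wait_on_sync_kiocb() handling it sits next to, is not visible here and should be stated explicitly in the patch description.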

Re: [RFC] Allow LSM to use IP address/port number.

2007-07-09 Thread Tetsuo Handa
Hello. Thank you for your comment. David Miller wrote: > I don't think it's such a hot idea to return errors if the > wait_on_sync_kiocb() has returned success. My patch may return errors for non-wait_on_sync_kiocb() case too. Are you saying only wait_on_sync_kiocb() case is bad? If so, could yo

Re: [RFC] Allow LSM to use IP address/port number. (was Re: [PATCH 1/1] Add post accept()/recvmsg() hooks.)

2007-07-09 Thread James Morris
On Mon, 9 Jul 2007, Tetsuo Handa wrote: > Hello. > > This thread is from http://marc.info/?t=11834645705&r=1&w=2 . > > I want to use tcp_wrapper-like filtering using LSM. The appropriate way to do this would be via netfilter queuing to userspace, as already suggested by Paul Moore. -- J
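The alternative James Morris and Paul Moore point at is to divert packets to userspace (netfilter queuing) and return a verdict before the packet ever reaches the socket, instead of erroring out of recvmsg() after the data has been consumed. The block below is an added illustration written for this page, not code from the patch, from TOMOYO or from any netfilter project: it implements only the userspace decision half of such a filter (parse the IPv4/TCP header out of a raw queued packet, apply hosts.allow-style first-match rules keyed on source address and destination port, return an accept or drop verdict). The rule set, the packet builder and all addresses are constructed for the example; handing the verdict back to the kernel (nfnetlink_queue / libnetfilter_queue) is left out so the block runs offline.

```python
"""Userspace verdict logic for a tcp_wrappers-style IP/port filter.

Added example for this thread, not code from the patch under discussion or
from any project. Models the decision a userspace NFQUEUE consumer would
make for each queued packet; delivering the verdict to the kernel is not
part of this block.
"""
import ipaddress
import struct

# Verdict names chosen to mirror the netfilter ones; plain strings here.
ACCEPT = "NF_ACCEPT"
DROP = "NF_DROP"


def parse_ipv4_tcp(packet: bytes):
    """Return (src_ip, dst_ip, src_port, dst_port, tcp_flags) for an IPv4/TCP
    packet. Raises ValueError for anything else (non-IPv4, non-TCP, truncated),
    so the caller can fail closed instead of guessing."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl = packet[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    if packet[9] != 6:                  # protocol field: 6 == TCP
        raise ValueError("not TCP")
    src_ip = ipaddress.IPv4Address(packet[12:16])
    dst_ip = ipaddress.IPv4Address(packet[16:20])
    if len(packet) < ihl + 14:          # need at least ports .. flags
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack_from("!HH", packet, ihl)
    tcp_flags = packet[ihl + 13]
    return src_ip, dst_ip, src_port, dst_port, tcp_flags


class Rule:
    """One hosts.allow/hosts.deny-style line: action, source network, optional dst port."""

    def __init__(self, action, network, port=None):
        self.action = action
        self.network = ipaddress.ip_network(network)
        self.port = port

    def matches(self, src_ip, dst_port):
        return src_ip in self.network and (self.port is None or self.port == dst_port)


def verdict(packet, rules, default=DROP):
    """First matching rule wins; unparsable traffic and no-match fall to `default`.
    Defaulting to DROP is the fail-closed choice; a real deployment would only
    queue the packets it needs to decide on (typically TCP SYNs)."""
    try:
        src_ip, _dst_ip, _src_port, dst_port, _flags = parse_ipv4_tcp(packet)
    except ValueError:
        return default
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.action
    return default


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, flags=0x02):
    """Constructed test packet: minimal IPv4 + TCP headers, checksums left zero,
    SYN set by default. Enough for header parsing, not a valid wire packet."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4,
                          flags, 8192, 0, 0)
    return ip_hdr + tcp_hdr


# Constructed policy: deny one subnet from ssh before the broader allow,
# let anyone reach port 80, drop everything else.
RULES = [
    Rule(DROP, "10.0.5.0/24", 22),
    Rule(ACCEPT, "10.0.0.0/8", 22),
    Rule(ACCEPT, "0.0.0.0/0", 80),
]


if __name__ == "__main__":
    for src, port in (("10.0.1.7", 22), ("10.0.5.9", 22),
                      ("198.51.100.4", 22), ("198.51.100.4", 80)):
        pkt = build_ipv4_tcp(src, "192.0.2.10", 40000, port)
        print(f"{src}:{port} -> {verdict(pkt, RULES)}")
```

Because the verdict is made before the packet is delivered to the socket, a DROP on the SYN means the connection is never established and the peer sees a timeout, which is the "properly fail the network operation" behaviour asked for in the thread; what this block cannot do is consult `task_struct->security` of the receiving process, which is the gap Tetsuo Handa raises in a later message.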

Re: [RFC] Allow LSM to use IP address/port number.

2007-07-09 Thread James Morris
On Mon, 9 Jul 2007, Tetsuo Handa wrote: > It drops messages from unwanted IP address/ports. > (To be exact, it doesn't drop, it just tells userland process > not to use received messages by returning errors.) This is broken. You need to properly fail the network operation and ensure that the pee

Re: [RFC] Allow LSM to use IP address/port number.

2007-07-09 Thread Stephen Hemminger
On Mon, 9 Jul 2007 18:50:27 -0400 (EDT) James Morris <[EMAIL PROTECTED]> wrote: > On Mon, 9 Jul 2007, Tetsuo Handa wrote: > > > It drops messages from unwanted IP address/ports. > > (To be exact, it doesn't drop, it just tells userland process > > not to use received messages by returning errors.

Re: [RFC] Allow LSM to use IP address/port number.

2007-07-09 Thread James Morris
On Mon, 9 Jul 2007, Stephen Hemminger wrote: > Isn't it better to hook into existing netfilter infrastructure somehow? Yes, it has been suggested several times. -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body o

Re: [RFC] Allow LSM to use IP address/port number.

2007-07-09 Thread Tetsuo Handa
Thank you for your comment. I have a question regarding netfilter infrastructure. I want to filter messages using "task_struct->security". Can the netfilter's queuing to userspace feature get a list of "struct task_struct" who shares a socket that is going to receive incoming messages? My approa

Re: What kind of feature does New LSM security model need?

2007-07-09 Thread Kazuki Omo(Company)
Dear Sir, Thanks for your response and I'm very sorry for my late response. Firstly, I have to introduce myself. I have been trying to promote SELinux in Japan since 2002 (almost 5 years). And I started up an SELinux SI/training/support business in my company in 2005. #Also, I'm a member of LIDS dev