[redhat-lspp] Re: [RFC] [MLSXFRM 02/04] Add enforcement to SE Linux LSM
Trent Jaeger
tjaeger at cse.psu.edu
Wed Jun 21 02:59:41 UTC 2006
On Jun 20, 2006, at 6:50 PM, Venkat Yekkirala wrote:
>> I have a question: if the sock type does not match the policy type
>> (xfrm_lookup hook on output step (2)), can we send the packet?
>
> Only if the packet can send to SECINITSID_UNLABELED as checked in
> selinux_xfrm_postroute_last() which would be the 5th step below.
>
>>
>> It seems on output the socket and policy types must match,
>
> More accurately, the flow (which derives from the socket in the
> locally
> generated case)
> and the policy types must "polmatch", yes.
OK. This semantics is different for types where we checked that the
socket (or flow) had access to send using the policy at lookup.
It seems like semantics of the flow sid is different between output
and input. On output, it's based on the socket and on input it's
based on the sa. The flow/sa analogy makes sense to me, but the
socket less so (multiple sockets can use the same flow).
I am not sure that the approach in lookup should be symmetric in that
case.
Regards,
Trent.
----------------------------------------------
Trent Jaeger, Associate Professor
Pennsylvania State University, CSE Dept
346A IST Bldg, University Park, PA 16802
Email: tjaeger at cse.psu.edu
Ph: (814) 865-1042, Fax: (814) 865-3176
More information about the redhat-lspp
mailing list