[redhat-lspp] Labeled networking MLS constraints?

Paul Moore paul.moore at hp.com
Tue Oct 17 21:22:54 UTC 2006


Paul Moore wrote:
> Venkat Yekkirala wrote:
>>
>>Actually, if the incoming SYN can't be received by the listening
>>socket, the handshake should fail at that point in time (as enforced
>>in selinux_sock_rcv_skb). No child sock should be created. Have you
>>noticed a different behavior?
> 
> I thought there was part of the initial handshake that would get skipped over by
> sock_rcv_skb() because either skb->sk_socket was NULL or the socket didn't have
> a SID assigned yet.  If that isn't the case then I think Klaus is your new
> best friend :)
> 

Ungh, forget what I said above; I was thinking of the behavior before the
MLSXFRM patches went into the kernel.

-- 
paul moore
linux security @ hp



