netdev
[Top] [All Lists]

Re: [PATCH] BSD Jail LSM (2/3)

To: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH] BSD Jail LSM (2/3)
From: hallyn@xxxxxxxxx (Serge E. Hallyn)
Date: Mon, 13 Sep 2004 11:08:51 -0400
Cc: Chris Wright <chrisw@xxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, akpm@xxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <1095072996.14355.12.camel@xxxxxxxxxxxxxxxxxxxxx>
References: <1094847705.2188.94.camel@xxxxxxxxxxxxxxxxxxxx> <1094847787.2188.101.camel@xxxxxxxxxxxxxxxxxxxx> <1094844708.18107.5.camel@xxxxxxxxxxxxxxxxxxxxx> <20040912233342.GA12097@xxxxxxxxxxxxxxxx> <1095072996.14355.12.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6i
Quoting Alan Cox (alan@xxxxxxxxxxxxxxxxxxx):
> On Llu, 2004-09-13 at 00:33, Serge E. Hallyn wrote:
> > Right now one must choose between either an ipv4 or ipv6 interface.
> > Is typical ipv6 usage such that it would be preferable to be able to
> > specify one of each?  
> 
> Its normal to have both yes.
> 
> A more interesting question is whether all of the "which socket for
> which use" stuff could be addressed by netfilter chains run at
> bind/connect time ?

You mean to add two new netfilter hooks?  Would these then replace the
LSM hooks?

-serge

<Prev in Thread] Current Thread [Next in Thread>