
Re: skb->security and friends

To: James Morris <jmorris@xxxxxxxxxxxxxxxx>
Subject: Re: skb->security and friends
From: Andi Kleen <ak@xxxxxxx>
Date: Sat, 27 Oct 2001 13:30:00 +0200
Cc: Andi Kleen <ak@xxxxxxx>, Michael Richardson <mcr@xxxxxxxxxxxxxxxxxxxxxx>, design@xxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, linux-security-module@xxxxxxxxx
In-reply-to: <Pine.LNX.4.31.0110271541550.17455-100000@blackbird.intercode.com.au>; from jmorris@intercode.com.au on Sat, Oct 27, 2001 at 03:58:22PM +1000
References: <20011026214235.A5375@wotan.suse.de> <Pine.LNX.4.31.0110271541550.17455-100000@blackbird.intercode.com.au>
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mutt/1.3.16i

On Sat, Oct 27, 2001 at 03:58:22PM +1000, James Morris wrote:
> On Fri, 26 Oct 2001, Andi Kleen wrote:
> 
> > security is basically on its way out; it was for a never completely merged
> > ipsec implementation from the fi/sinus firewalls guys and is largely
> > bitrotted now (e.g. a lot of stack modules won't maintain it correctly
> > anymore and probably never have)
> > If you wanted to use it you would need to fix it first.
> 
> [note: lsm added to the cc list]
> 
> I was hoping that skb->security could be reassigned as a void pointer
> for use by LSM in 2.5, if LSM is accepted into the kernel.

A void pointer alone without any rules for freeing and reference counting
(e.g. what to do with it on a skb_clone() or a skb_copy()) would not
make too much sense. Getting that right would probably be ugly
(similar to Rusty's old abandoned ->cb attribute allocator).

> 
> This would be used by LSM modules for maintaining security attributes
> between layers.  Note that this may also be useful for Freeswan, as it
> should be possible now to implement ipsec as an LSM module.

Could you give a more detailed scenario of what it would be needed for?


-Andi
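
The freeing and reference-counting rules asked about in the message above, as an added example that is not part of the original post and is not kernel code: a user-space C model in which a clone shares the attribute blob by reference and a copy gets a private one. `struct pkt`, `struct sec_blob`, `blobs_freed` and the `pkt_*` functions are hypothetical stand-ins for `sk_buff` and its helpers, and the share-on-clone, duplicate-on-copy policy is an assumption.

```c
/* User-space model only: struct pkt stands in for sk_buff; all names are hypothetical. */
#include <stdlib.h>

struct sec_blob {            /* attribute object a security module would attach */
    int refcnt;              /* number of packets pointing at this blob */
    unsigned int label;      /* constructed sample attribute */
};

struct pkt { struct sec_blob *security; };  /* payload omitted; every packet has a blob */

static int blobs_freed;      /* lets a caller check each blob is freed exactly once */

static struct pkt *pkt_alloc(unsigned int label)
{
    struct pkt *p = calloc(1, sizeof(*p));
    struct sec_blob *b = calloc(1, sizeof(*b));
    if (!p || !b) { free(p); free(b); return NULL; }
    b->refcnt = 1;
    b->label = label;
    p->security = b;
    return p;
}

/* Assumed clone rule: the clone shares the blob and takes a reference. */
static struct pkt *pkt_clone(const struct pkt *old)
{
    struct pkt *p = calloc(1, sizeof(*p));
    if (!p) return NULL;
    p->security = old->security;
    p->security->refcnt++;
    return p;
}

/* Assumed copy rule: the copy gets a private blob with the same contents. */
static struct pkt *pkt_copy(const struct pkt *old)
{
    return pkt_alloc(old->security->label);
}

/* Freeing rule: drop this packet's reference; the last holder frees the blob. */
static void pkt_free(struct pkt *p)
{
    if (!p) return;
    if (--p->security->refcnt == 0) { free(p->security); blobs_freed++; }
    free(p);
}
```

Without the reference taken in `pkt_clone()`, freeing the original would leave the clone with a dangling pointer, and freeing both would free the blob twice.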
