Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity

netdev

Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity

To:	Stephen Smalley <sds@xxxxxxxxxxxxxx>
Subject:	Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity
From:	Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Date:	Fri, 8 Oct 2004 12:37:10 +0100
Cc:	Valdis Kletnieks <Valdis.Kletnieks@xxxxxx>, lkml <linux-kernel@xxxxxxxxxxxxxxx>, SELinux@xxxxxxxxxxxxx, Ingo Molnar <mingo@xxxxxxxxxx>, netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx
In-reply-to:	<1097234322.16641.3.camel@moss-spartans.epoch.ncsc.mil>
Mail-followup-to:	Stephen Smalley <sds@xxxxxxxxxxxxxx>, Valdis Kletnieks <Valdis.Kletnieks@xxxxxx>, lkml <linux-kernel@xxxxxxxxxxxxxxx>, SELinux@xxxxxxxxxxxxx, Ingo Molnar <mingo@xxxxxxxxxx>, netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx
References:	<200410070542.i975gkHV031259@turing-police.cc.vt.edu> <1097157367.13339.38.camel@moss-spartans.epoch.ncsc.mil> <20041008093154.GA5089@lkcl.net> <1097234322.16641.3.camel@moss-spartans.epoch.ncsc.mil>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.5.1+cvs20040105i

On Fri, Oct 08, 2004 at 07:18:42AM -0400, Stephen Smalley wrote:
> On Fri, 2004-10-08 at 05:31, Luke Kenneth Casson Leighton wrote:
> >  an alternative possible solution is to get the packet _out_ from
> >  the interrupt context and have the aux pid comm exe information added.
> 
> No, the network permission checks are intentionally layered to match the
> network protocol implementation.  There is a process-to-socket check
> performed in process context when the data is received from the socket
> by an actual process, but there is also the socket-to-netif/node/port
> check performed in softirq context when the packet is received on the
> socket from the network.
 
 ah.  oh well!

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Valdis . Kletnieks Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Stephen Smalley Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Luke Kenneth Casson Leighton Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Stephen Smalley Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Luke Kenneth Casson Leighton <= Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Ingo Molnar

Previous by Date:	Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Stephen Smalley
Next by Date:	[PATCH] Update tcp_tso_win_divisor sysctl information in ip-sysctl.txt, Maciej Soltysiak
Previous by Thread:	Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Stephen Smalley
Next by Thread:	Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity, Ingo Molnar
Indexes:	[Date] [Thread] [Top] [All Lists]