On Wed, 10 Dec 2003 11:33:53 -0500 (EST)
James Morris <jmorris@xxxxxxxxxx> wrote:
> Three new LSM hooks have been implemented:
> - socket_getpeersec() is the getsockopt interface.
> - sk_alloc_security() and sk_free_security() facilitate the use of an
> sk_security field, which is used to store the security credentials of
> the Unix peer. We can't use an existing security field for this (e.g.
> inode), as we need the security credentials of the server's child
> socket. This follows the same general scheme used for managing existing
> Unix peer credentials.
I'm fine with this conceptually, although the earliest I could put
this into the tree is 2.6.1 although I have a hunch that I'll be
asked to defer something like this to 2.6.2, but who knows.
The one thing I don't like is the ifdef conditionalized member of
the sock struct. We should move away from config variables changing
structure layouts. Even a "void *sk_security;" would be better.