* James Morris <[EMAIL PROTECTED]> 2005-11-10 10:15
> For SELinux, we'll need to track genl ID assignment and deletion, so we
> can determine what the Netlink family number means when we see a Netlink
> message. We'll have to assume that the sysadmin has not changed the
> module name.
>
> Forgot to add that I think we'll need to add an LSM hook in
> genl_ctrl_event(), which passes the family name, id and event type to the
> LSM module.
>
> Something like:
>
> void security_netlink_genl_event(int event, unsigned int id, const char
> *name);
Couldn't we have SELinux ask the controller to resolve the ID to the name?
The assignments are already stored in family_ht[], we'd just have to export
genl_family_find_byname() I guess.

> Could you consider adding a prefix to struct members to help grepping the
> code?

I always have a hard time deciding when to include prefixes and when to
avoid them. I did avoid them in this case because, except for genl_info,
which has somewhat unique member names, all structs are only used at
initialization time outside of genetlink.c so far, but SELinux might just
change this. So yes, it might be a good idea to add prefixes, better now
than later.

> Looks like cool stuff. Are you replacing the Netlink connector?

Yes, that is the "big plan". Actually we're already quite near that goal.
I don't really like the connector code; the idea is good and a demand is
there, the implementation is just not optimal.

More generic netlink family related bits including experimental iproute2
patches and example code can be found here:

http://people.suug.ch/~tgr/genl/
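The two approaches discussed in this exchange, the (un)registration hook James proposes and the on-demand ID-to-name lookup suggested in the reply, as an added example that is not part of the thread or the kernel's genetlink code: a toy in-memory family table that fires a stand-in hook on register/unregister and also answers find-by-ID and find-by-name queries. The table layout, the value of GENL_MIN_ID, the event enum and the genl_family_find_byid() helper are all assumptions made for the example.

```c
/* Added example, not kernel code: a toy model of the genl family table showing
 * both ways an LSM could learn what a family ID means. All names are stand-ins. */
#include <stddef.h>
#include <string.h>
#define GENL_MIN_ID  16   /* assumed: first dynamically assigned family ID */
#define MAX_FAMILIES 32
#define GENL_NAMSIZ  16
enum genl_event { GENL_EV_REGISTER, GENL_EV_UNREGISTER };
struct genl_family { unsigned int id; char name[GENL_NAMSIZ]; int used; };
static struct genl_family family_tab[MAX_FAMILIES];
/* Stand-in for the proposed LSM hook: just record what it was told. */
int last_event = -1, last_id = 0; char last_name[GENL_NAMSIZ];
static void security_netlink_genl_event(int ev, unsigned int id, const char *n)
{ last_event = ev; last_id = (int)id; strncpy(last_name, n, GENL_NAMSIZ); }
/* On-demand lookups, the alternative suggested in the reply. */
const struct genl_family *genl_family_find_byid(unsigned int id)
{
    if (id < GENL_MIN_ID || id >= GENL_MIN_ID + MAX_FAMILIES) return NULL;
    return family_tab[id - GENL_MIN_ID].used ? &family_tab[id - GENL_MIN_ID] : NULL;
}
const struct genl_family *genl_family_find_byname(const char *name)
{
    for (int i = 0; i < MAX_FAMILIES; i++)
        if (family_tab[i].used && !strcmp(family_tab[i].name, name))
            return &family_tab[i];
    return NULL;
}
/* Assign the lowest free ID and fire the hook; 0 means duplicate or full. */
unsigned int genl_register_family(const char *name)
{
    if (genl_family_find_byname(name)) return 0;
    for (int i = 0; i < MAX_FAMILIES; i++) {
        struct genl_family *f = &family_tab[i]; if (f->used) continue;
        f->id = GENL_MIN_ID + i; f->used = 1;
        strncpy(f->name, name, GENL_NAMSIZ - 1); f->name[GENL_NAMSIZ - 1] = '\0';
        security_netlink_genl_event(GENL_EV_REGISTER, f->id, f->name);
        return f->id;
    }
    return 0;
}
/* Notify the LSM before freeing the slot, while the name is still resolvable. */
int genl_unregister_family(unsigned int id)
{
    const struct genl_family *f = genl_family_find_byid(id); if (!f) return -1;
    security_netlink_genl_event(GENL_EV_UNREGISTER, id, f->name);
    family_tab[id - GENL_MIN_ID].used = 0;
    return 0;
}
```

Note that the hook sees the name on deletion only because it is called before the slot is cleared; an LSM relying purely on lookup would have to resolve the ID before the family goes away.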