From: Evgeniy Polyakov <[EMAIL PROTECTED]>
Date: Sun, 28 May 2006 19:33:21 +0400

> Does SELinux have security handlers for each type of possible ioctls
> over the world? Each ioctl number is like each netlink type of message,
> but instead there is only one check per ioctl syscall as long as lsm
> hook for socket's send/recv syscall.

Yes, the problem is similar to what the compat layer needs to face. But I think James will tell us that SELinux has a way that it handles the mess that is ioctl(). :-)

More to the point I think that none of this will be handled transparently unless the onus is put on new netlink module users. I.e. make the register of a netlink subsystem user (either direct netlink or via generic netlink) fail if the operations don't provide the SELinux handlers.

Otherwise, the SELinux folks will continually be playing catchup writing the handlers. That doesn't scale.
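
The fail-closed registration proposed in the message above, sketched as a user-space model. This is an added example, not code from the thread or from the kernel; every name in it (`msg_ops`, `family_register`, `family_dispatch`, the demo family and its message types) is hypothetical.

```c
#include <errno.h>
#include <stddef.h>
/* Hypothetical user-space model; none of these names are kernel APIs. */
#define MAX_FAMILIES 8

struct msg_ops {
    int family;                                   /* subsystem id */
    int (*handle)(int msg_type);                  /* does the work */
    int (*security_check)(int sid, int msg_type); /* 0 = allow, <0 = deny */
};

static const struct msg_ops *families[MAX_FAMILIES];

/* Fail closed: a subsystem without a security handler cannot register. */
int family_register(const struct msg_ops *ops)
{
    if (!ops || ops->family < 0 || ops->family >= MAX_FAMILIES)
        return -EINVAL;
    if (!ops->handle || !ops->security_check)
        return -EINVAL;
    if (families[ops->family])
        return -EEXIST;
    families[ops->family] = ops;
    return 0;
}

/* Each message type is checked by the subsystem's own handler before dispatch. */
int family_dispatch(int family, int sid, int msg_type)
{
    const struct msg_ops *ops;
    int rc;
    if (family < 0 || family >= MAX_FAMILIES || !families[family])
        return -ENOENT;
    ops = families[family];
    rc = ops->security_check(sid, msg_type);
    return rc ? rc : ops->handle(msg_type);
}

/* Constructed sample: type 1 = read, type 2 = write; only sid 0 may write. */
static int demo_handle(int msg_type) { return msg_type; }
static int demo_check(int sid, int msg_type)
{
    if (msg_type == 1 || (msg_type == 2 && sid == 0))
        return 0;
    return -EACCES; /* unknown message types are denied as well */
}

const struct msg_ops demo_ops = { 1, demo_handle, demo_check };
const struct msg_ops unlabeled_ops = { 2, demo_handle, NULL };
```

Because the check lives with the subsystem that defines the message types, a new subsystem cannot be reachable before its per-type policy exists.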