On Wed, 21 Jun 2006, Herbert Xu wrote:
> On Tue, Jun 20, 2006 at 08:50:55PM -0400, Venkat Yekkirala wrote:
> >
> > Nope. It would actually overwrite the pointer, so we put it away before
> > memcpy and set it back after memcpy.
>
> Right, I misread it as sptr = osk->sk_security. Still, it'd
On Tue, Jun 20, 2006 at 08:50:55PM -0400, Venkat Yekkirala wrote:
>
> Nope. It would actually overwrite the pointer, so we put it away before
> memcpy and set it back after memcpy.
Right, I misread it as sptr = osk->sk_security. Still, it'd be nice to
optimise it away for the !SECURITY case.
C
> > +static inline void sock_copy(struct sock *nsk, const
> struct sock *osk)
> > +{
> > + void *sptr = nsk->sk_security;
> > +
> > + memcpy(nsk, osk, osk->sk_prot->obj_size);
> > + nsk->sk_security = sptr;
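Review bot: the save and restore of nsk->sk_security around the memcpy in sock_copy() carries no comment, and the intent is easy to misread as taking the pointer from osk. Add a short comment above `void *sptr = nsk->sk_security;` stating that the memcpy of osk->sk_prot->obj_size bytes would overwrite the new sock's own security pointer, so it is set aside and put back afterwards. The two extra statements are also unconditional; they could be compiled out for the !SECURITY case so that builds without security pay nothing beyond the plain memcpy.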
>
> I don't get it. Why do you put sk_security away and then set it back?
> Doesn't
On Tue, Jun 20, 2006 at 06:23:50PM +, Venkat Yekkirala wrote:
>
> --- linux-2.6.16.vanilla/include/net/sock.h 2006-06-19
> 17:02:23.0 -0500
> +++ linux-2.6.16/include/net/sock.h 2006-06-19 19:48:24.0 -0500
> @@ -964,6 +964,15 @@ static inline void sock_graft(struct soc
>
This adds security for IP sockets at the sock level. Security at the
sock level is needed to enforce the SELinux security policy for security
associations even when a sock is orphaned (such as in the TCP LAST_ACK state).
Signed-off-by: Venkat Yekkirala <[EMAIL PROTECTED]>
---
include/linux/secur