On Mon, 13 Nov 2006, Paul Moore wrote: > Based on my simple understanding of DCCP it looks okay to me, i.e. all the > relevant things we do for TCP seem to be done now for DCCP. Also, I don't think > adding labeled networking support should be all that difficult; basically we > would need to do the following (can anyone think of anything else?): > > 1. Add the security_inet_conn_established() hook to the DCCP code path (if it > isn't there already, need to check) so that the last part of the DCCP handshake > is caught by the LSM. > 2. Add the DCCP socket class to the SELinux NetLabel code. Yep, it should be identical to TCP in the simplest case. It may be possible to label services within a connection (kind of like substreams), but it'd need to be supported by xfrm and IPsec first. - James -- James Morris <jmorris@xxxxxxxxx> - To unsubscribe from this list: send the line "unsubscribe dccp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
