SH> At the moment you miss out on the security_socket_connect() call. Is that any different than the path involved when a process does a socketpair() call? SH> Still your code is so customized that perhaps an explicit SH> security_socket_connect() call in your sock_unix_join() may be the SH> way to go... So, when I do the join, I really should run the check on both the remote and local addresses, right? The join operation is not really a connect in the sense of being one-sided... -- Dan Smith IBM Linux Technology Center email: danms@xxxxxxxxxx _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
