Quoting Dan Smith (danms@xxxxxxxxxx): > SH> At the moment you miss out on the security_socket_connect() call. > > Is that any different than the path involved when a process does a > socketpair() call? > > SH> Still your code is so customized that perhaps an explicit > SH> security_socket_connect() call in your sock_unix_join() may be the > SH> way to go... > > So, when I do the join, I really should run the check on both the > remote and local addresses, right? The join operation is not really a > connect in the sense of being one-sided... Ok well if a join is not a connect then ignore me. I'll set a block of time aside to take a closer look on your next submit. thanks, -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
