Re: 2.6.9-rc2-mm4-VP-S7 - ksoftirq and selinux oddity

On Fri, 2004-10-08 at 05:31, Luke Kenneth Casson Leighton wrote:
>  an alternative possible solution is to get the packet _out_ from
>  the interrupt context and have the aux pid comm exe information added.

No, the network permission checks are intentionally layered to match the
network protocol implementation.  There is a process-to-socket check
performed in process context when the data is received from the socket
by an actual process, but there is also the socket-to-netif/node/port
check performed in softirq context when the packet is received on the
socket from the network.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
