On Fri, Oct 08, 2004 at 07:18:42AM -0400, Stephen Smalley wrote: > On Fri, 2004-10-08 at 05:31, Luke Kenneth Casson Leighton wrote: > > an alternative possible solution is to get the packet _out_ from > > the interrupt context and have the aux pid comm exe information added. > > No, the network permission checks are intentionally layered to match the > network protocol implementation. There is a process-to-socket check > performed in process context when the data is received from the socket > by an actual process, but there is also the socket-to-netif/node/port > check performed in softirq context when the packet is received on the > socket from the network. ah. oh well! - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
