On Wednesday 01 July 2009 07:53:30 pm James Morris wrote: > On Wed, 1 Jul 2009, Paul Moore wrote: > > On Wednesday 01 July 2009 06:42:36 pm James Morris wrote: > > > On Wed, 1 Jul 2009, Paul Moore wrote: > > > > Well, if we can't do it in sk_alloc() then I think we are stuck with > > > > a new hook; which just seems wrong. > > > > > > Why isn't the TUN driver calling the same code as other socket creating > > > code? > > > > The other socket creating code handles the final setup/initialization in > > the security_socket_post_create() hook which operates on sockets not > > socks. > > I wonder if passing a flag might be better than the prot argument, which > allows the caller to indicate what kind of initialization it's doing, > rather than what will be seen as another protocol layering violation (i.e. > the security model poking around to find out what kind of protocol & > changing its behaviour). Good point. I'm going to be reworking the solution a bit, but if I still need to do something like this I'll go the flag route. -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
