On Wednesday 12 August 2009 03:28:40 pm Serge E. Hallyn wrote: > Quoting Paul Moore (paul.moore@xxxxxx): > > The TUN driver lacks any LSM hooks which makes it difficult for LSM > > modules, such as SELinux, to enforce access controls on network traffic > > generated by TUN users; this is particularly problematic for > > virtualization apps such as QEMU and KVM. This patch adds three new LSM > > hooks designed to control the creation and attachment of TUN devices, the > > hooks are: > > > > * security_tun_dev_create() > > Provides access control for the creation of new TUN devices > > > > * security_tun_dev_post_create() > > Provides the ability to create the necessary socket LSM state for > > newly created TUN devices > > > > * security_tun_dev_attach() > > Provides access control for attaching to existing, persistent TUN > > devices and the ability to update the TUN device's socket LSM state as > > necessary --- > > Acked-by: Serge Hallyn <serue@xxxxxxxxxx> Thanks. -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
