FW: [redhat-lspp] Re: [RFC] [MLSXFRM 02/04] Add enforcement to SE Linux LSM
Venkat Yekkirala
vyekkirala at TrustedCS.com
Fri Jun 16 20:58:39 UTC 2006
-----Original Message-----
From: Venkat Yekkirala
Sent: Friday, June 16, 2006 3:31 PM
To: 'Trent Jaeger'; Venkat Yekkirala
Cc: redhat-lspp at redhat.com; sds at tycho.nsa.gov; latten at austin.ibm.com;
jmorris at redhat.com
Subject: RE: [redhat-lspp] Re: [RFC] [MLSXFRM 02/04] Add enforcement to
SE Linux LSM
> In selinux_xfrm_policy_lookup, we check that the fl_sid has access to
> the xfrm policy's sid before using that policy.
>
> On input, I take this to mean that we must have granted the type of
> the SA access to the policy,
That is correct.
> and in the case of the server receiving a
> packet from a client these would be the same (client's type).
Probably, but since we have the SA Type delinked from the xfrm_policy Type,
it's all entirely up to the policy.