[redhat-lspp] Re: [RFC 2/7] NetLabel: core network changes
Steve Grubb
sgrubb at redhat.com
Thu Jun 22 15:05:00 UTC 2006
On Thursday 22 June 2006 05:00, David Miller wrote:
> > #define NETLINK_GENERIC 16
> > +#define NETLINK_NETLABEL 17 /* Network packet labeling */
> >
> > #define MAX_LINKS 32
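Review bot: The added `NETLINK_NETLABEL 17` line takes a dedicated protocol number out of the space bounded by `MAX_LINKS 32`, directly after `NETLINK_GENERIC 16`, and nothing in the hunk says why NetLabel needs its own number instead of being carried over generic netlink. If a dedicated protocol is required, state the reason in the changelog or next to the define; otherwise drop this line and register a generic netlink family instead.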
>
> Please use generic netlink.
Since this is a security interface, shouldn't it be its own protocol so that
SE Linux can control commands being sent? Paul's patches do include a netlink
table in security/selinux/nlmsgtab.c. But I do not see any hooks to control
generic netlink messages. (There seem to be several protocols that SE Linux
is not controlling.) I could see that someone in secadm role should be able
to issue these commands, but someone at sysadm or auditadm would not.
If moving this over to generic is a must, then I think SE Linux will have to
clip into generic to control its packet flow.
-Steve