[redhat-lspp] auditing labeled ipsec
Steve Grubb
sgrubb at redhat.com
Thu Oct 12 14:24:05 UTC 2006
On Thursday 12 October 2006 10:16, Paul Moore wrote:
> PF_KEYv2 is a socket family/protocol defined by RFC2367 whose original goal
> was to standardize the interface between the in-kernel IPsec bits and the
> userland key management daemon.
OK, then the question becomes is the communication protocol asynchronous or
synchronous? If synchronous (the request is handled immediately and not
queued like netlink), then current task struct can be used. Otherwise, there
may be some more code needed to grab the loginuid during the send and store
it with the packet until dequeued. If it is async, there may be selinux
implications as well.
-Steve