[redhat-lspp] auditing labeled ipsec
Joy Latten
latten at austin.ibm.com
Fri Oct 13 21:34:18 UTC 2006
On Thu, 2006-10-12 at 10:24 -0400, Steve Grubb wrote:
> On Thursday 12 October 2006 10:16, Paul Moore wrote:
> > PF_KEYv2 is a socket family/protocol defined by RFC2367 whose original goal
> > was to standardize the interface between the in-kernel IPsec bits and the
> > userland key management daemon.
>
> OK, then the question becomes is the communication protocol asynchronous or
> synchronous? If synchronous (the request is handled immediately and not
> queued like netlink), then current task struct can be used. Otherwise, there
> may be some more code needed to grab the loginuid during the send and store
> it with the packet until dequeued. If it is async, there may be selinux
> implications as well.
>
pfkey doesn't appear to use a queue like netlink... it registers socket
protocol operations such as .recvmsg and .sendmsg which get called via
sock_recvmsg and sock_sendmsg.
Joy
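
The attribution question discussed in this thread, as an added userland model in C; it is not kernel code and not from any poster. Every type, function name and value in it is hypothetical, and it only models "current" and a message queue to show which loginuid an audit record would receive on each path.

```c
#include <stdio.h>
/* Userland model only: every name here is hypothetical, not a kernel API. */
#define LOGINUID_UNSET ((unsigned int)-1)   /* models a task with no login uid */
#define QLEN 8
struct task { unsigned int loginuid; };
struct msg  { int op; unsigned int saved_loginuid; };
static struct task *current_task;           /* stands in for the kernel's "current" */
static unsigned int audit_log[QLEN];        /* loginuid written to each audit record */
static struct msg *queue[QLEN];
static int audit_n, q_head, q_tail;
static void audit_record(unsigned int uid) { if (audit_n < QLEN) audit_log[audit_n++] = uid; }

/* Synchronous path: the handler runs in the sender's context, so "current" is the sender. */
static void sync_sendmsg(void) { audit_record(current_task->loginuid); }

/* Queued path: capture the sender's loginuid at send time and carry it with the message. */
static int queued_sendmsg(struct msg *m) {
    if (q_tail == QLEN) return -1;          /* queue full */
    m->saved_loginuid = current_task->loginuid;
    queue[q_tail++] = m;
    return 0;
}

/* Runs later in another context; use_saved == 0 shows the misattribution. */
static void drain(int use_saved) {
    while (q_head < q_tail) {
        struct msg *m = queue[q_head++];
        audit_record(use_saved ? m->saved_loginuid : current_task->loginuid);
    }
}

/* mode 0: synchronous; 1: queued, reads "current" at dequeue; 2: queued, uses saved value. */
unsigned int demo_attribution(int mode) {
    struct task user = { 500 }, worker = { LOGINUID_UNSET };  /* constructed values */
    struct msg m = { 1, LOGINUID_UNSET };
    audit_n = q_head = q_tail = 0;
    current_task = &user;
    if (mode == 0) { sync_sendmsg(); return audit_log[0]; }
    if (queued_sendmsg(&m) != 0) return LOGINUID_UNSET;
    current_task = &worker;                 /* context changes before the dequeue */
    drain(mode == 2);
    return audit_log[0];
}

int main(void) {
    for (int mode = 0; mode < 3; mode++)
        printf("mode %d -> audited loginuid %u\n", mode, demo_attribution(mode));
    return 0;
}
```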