[redhat-lspp] xinetd patch 2
Steve Grubb
sgrubb at redhat.com
Tue Aug 29 15:41:00 UTC 2006
On Tuesday 29 August 2006 11:29, Rosalie Hiebel wrote:
> Are there plans to implement xinetd support for labeled networking
> for all services (and not just external tcp nowait) ?

No. It cannot be done in some cases.

For udp services the label travels with the packet. So, xinetd would have to
read the datagram to get this information. This behavior would not follow
what it does for non-labeled networking code, so it would probably break
things.

For tcp-wait services, xinetd does not call accept. Therefore it cannot get at
any information for the connection. The application will have to do this and
call execcon.

For internal services, they are all troubleshooting or can be replaced by an
external shell script that does the same thing with minimal effort (echo,
discard, date, etc). The problem here is that not all internal services
fork - which means that xinetd itself would be calling execcon. I don't think
we want that either.

-Steve
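
Added example, not part of the original message and not xinetd code: a loopback demonstration of the tcp wait versus nowait point above, showing that a process holding only the listening socket cannot query the peer until `accept` has returned a per-connection descriptor. The names `peer_query` and `wait_vs_nowait` are hypothetical, and `getpeername()` is used as a stand-in for the peer-label lookup so the code runs on hosts without SELinux.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Stand-in for the peer-label query (assumption: getpeername() is used here
   so the example runs without SELinux). Returns 0 on success, else errno. */
static int peer_query(int fd)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof(peer);
    return getpeername(fd, (struct sockaddr *)&peer, &len) == 0 ? 0 : errno;
}

/* Constructed loopback scenario. Returns -1 on setup failure, else a bitmask:
   bit 0 = listening socket answered ENOTCONN, bit 1 = accepted socket answered. */
int wait_vs_nowait(void)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int result = 0, afd = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0; /* kernel picks a free port */
    if (lfd < 0 || cfd < 0 ||
        bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &len) < 0 ||
        connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        result = -1;
    } else {
        /* tcp wait: the super-server holds only lfd and never accepts. */
        if (peer_query(lfd) == ENOTCONN) result |= 1;
        /* tcp nowait: accept() yields a per-connection descriptor. */
        afd = accept(lfd, NULL, NULL);
        if (afd >= 0 && peer_query(afd) == 0) result |= 2;
    }
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return result;
}

int main(void) { printf("mask=%d\n", wait_vs_nowait()); return 0; }
```
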