[redhat-lspp] Updated NetLabel patch
Stephen Smalley
sds at tycho.nsa.gov
Thu Jun 15 19:35:14 UTC 2006
On Thu, 2006-06-15 at 15:16 -0400, Paul Moore wrote:
> Sorry, I typed fork when I meant fork-and-exec, I understand why you
> wouldn't want to do a context transition on a fork.
>
> I guess I need to look at the xinetd sources as well as Trent's xinetd
> patch one more time as I didn't remember xinetd doing an accept(). I
> thought xinetd just set up a socket and waited for a select() to fire for
> the socket and then did the fork-and-exec. If that isn't the case then
> this is really going to require some thought ...

You'd have to accept before you could get the peer context - peer only
makes sense for a connected socket.

Per xinetd.conf, the wait attribute controls whether or not xinetd does
the accept on a per-service basis, and tcp services generally use wait =
no, which means xinetd handles accepting the connections.

--
Stephen Smalley
National Security Agency