[redhat-lspp] Labeled networking MLS constraints?
Venkat Yekkirala
vyekkirala at trustedcs.com
Wed Oct 18 14:11:06 UTC 2006
> >>Actually, if the incoming SYN can't be received by the listening
> >>socket, the handshake should fail at that point in time (as enforced
> >>in selinux_sock_rcv_skb). No child sock should be created. Have you
> >>noticed a different behavior?
> >
> > I thought there was part of the initial handshake that would get
> > skipped over by sock_rcv_skb() because either skb->sk_socket was NULL
> > or the socket didn't have a SID assigned yet. If that isn't the case
> > then I think Klaus is your new best friend :)
> >
>
> Ungh, forget what I said above; I was thinking of the behavior before
> the MLSXFRM patches went into the kernel.
It WAS the behavior before the MLSXFRM changes went in as well.