* Could I export the udp socket security contexts to /proc/net/udp
From: Rongqing Li @ 2011-07-28 5:38 UTC (permalink / raw)
To: netdev
Hi Linux-netdev folks:

Could I export the socket security contexts to the udp, tcp, raw,
and unix files under /proc/net/?

If not, could you tell me where and how I should export this
information?

The sk_security element of struct sock represents the socket
security context ID, which is inherited from the process which
creates this socket most of the time.

But when an SELinux type_transition rule is applied to the socket, or
the application sets /proc/xxx/attr/createsock, the socket security
context would be different from that of the creating process. In this
condition, "netstat -Z" will return the wrong value, since
"netstat -Z" only returns the process security context as socket
process security.

I want to fix "netstat -Z", but first the kernel must export this
information, like /proc/xxx/attr/current is the process security
context. So I have this requirement.

Expect your instruction.

Thanks.

--
Best Regards,
Roy | RongQing Li
-------------------------------------------------------------
WIND RIVER Beijing | China Development Center
Phone: +86-10-6483-5025, Cell: +86-135-2202-9864, Fax: +86-10-6479-0367
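
An added example, not part of the original message and not net-tools code: the userspace lookup the message attributes to "netstat -Z", in Python. It maps each /proc/net/udp inode to an owning pid and reports that pid's /proc/<pid>/attr/current, which is why the label shown is the process context even when the socket itself was labelled differently. The function names and the sample pid, inodes and label are constructed for illustration.

```python
import os, re, tempfile

def udp_inodes(proc):
    """Inode column (10th field) of every row in <proc>/net/udp."""
    with open(os.path.join(proc, "net", "udp")) as f:
        next(f)  # skip the header row
        return [int(row.split()[9]) for row in f if row.strip()]

def owner_labels(proc):
    """Map socket inode -> (pid, process context) via <proc>/<pid>/fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        base = os.path.join(proc, pid)
        try:
            with open(os.path.join(base, "attr", "current")) as f:
                label = f.read().rstrip("\x00\n")
            links = [os.readlink(os.path.join(base, "fd", n))
                     for n in os.listdir(os.path.join(base, "fd"))]
        except OSError:
            continue  # process exited or we lack permission
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), (int(pid), label))
    return owners

def label_udp_sockets(proc="/proc"):
    """Label each UDP socket with its owner's context (None if no owner seen)."""
    owners = owner_labels(proc)
    return {ino: owners.get(ino) for ino in udp_inodes(proc)}

def demo():
    """Run against a constructed /proc-like tree (all values are made up)."""
    row = "%4d: 00000000:%04X 00000000:0000 07 00000000:00000000 " \
          "00:00000000 00000000 0 0 %d 2 0000000000000000 0\n"
    with tempfile.TemporaryDirectory() as proc:
        for sub in ("net", "4242/fd", "4242/attr"):
            os.makedirs(os.path.join(proc, sub))
        with open(os.path.join(proc, "net", "udp"), "w") as f:
            f.write("sl local_address rem_address st ... inode\n")
            f.write(row % (0, 68, 12345) + row % (1, 5353, 67890))
        with open(os.path.join(proc, "4242", "attr", "current"), "w") as f:
            f.write("system_u:system_r:initrc_t:s0\n")
        # The only label source is the process; the socket's own
        # sk_security value is not visible anywhere in this tree.
        os.symlink("socket:[12345]", os.path.join(proc, "4242", "fd", "3"))
        return label_udp_sockets(proc)

if __name__ == "__main__":
    print(demo())
```

Inode 67890 has no visible owner, so no label can be reported for it at all; inode 12345 gets the label of pid 4242 regardless of what the socket's own context is.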
* Re: Could I export the udp socket security contexts to /proc/net/udp
From: Rongqing Li @ 2011-08-03 8:07 UTC (permalink / raw)
To: David Miller; +Cc: netdev
Hi David:
Could you give some comments on my thoughts?
Thanks very much
Br
On 07/28/2011 01:38 PM, Rongqing Li wrote:
> Hi Linux-netdev folks:
>
> Could I export the socket security contexts to the udp, tcp, raw,
> and unix files under /proc/net/?
>
> If not, could you tell me where and how I should export this
> information?
>
> The sk_security element of struct sock represents the socket
> security context ID, which is inherited from the process which
> creates this socket most of the time.
>
> But when an SELinux type_transition rule is applied to the socket, or
> the application sets /proc/xxx/attr/createsock, the socket security
> context would be different from that of the creating process. In this
> condition, "netstat -Z" will return the wrong value, since
> "netstat -Z" only returns the process security context as socket
> process security.
>
> I want to fix "netstat -Z", but first the kernel must export this
> information, like /proc/xxx/attr/current is the process security
> context. So I have this requirement.
>
> Expect your instruction.
>
> Thanks.
>
--
Best Regards,
Roy | RongQing Li
-------------------------------------------------------------
WIND RIVER Beijing | China Development Center
Phone: +86-10-6483-5025, Cell: +86-135-2202-9864, Fax: +86-10-6479-0367
* Re: Could I export the udp socket security contexts to /proc/net/udp
From: David Miller @ 2011-08-03 8:11 UTC (permalink / raw)
To: rongqing.li; +Cc: netdev
From: Rongqing Li <rongqing.li@windriver.com>
Date: Wed, 3 Aug 2011 16:07:46 +0800
> Hi David:
>
> Could you give some comments on my thoughts?
Singling me out directly is not helpful, I'm overloaded as it is
and am unlikely to reply to your query.
I didn't ask you to post here in order to just duplicate the same
problem that emailing me privately creates.
I asked you to post here so that any developer, not just me, could
reply.