Date: Sun, 12 Mar 2006 22:18:49 -0500 (EST)
From: James Morris
To: Andrew Morton
cc: linux-kernel@vger.kernel.org
Subject: Re: 2.6.16-rc6-mm1
In-Reply-To: <20060312031036.3a382581.akpm@osdl.org>

On Sun, 12 Mar 2006, Andrew Morton wrote:

> Author: Catherine Zhang
> Date: Fri Mar 10 00:34:15 2006 -0800
>
> [SECURITY]: TCP/UDP getpeersec
>
> This patch implements an application of the LSM-IPSec networking
> controls whereby an application can determine the label of the
> security association its TCP or UDP sockets are currently connected to
> via getsockopt and the auxiliary data mechanism of recvmsg.
>
> Which I am sure is very good.

Think of it as an extension of the existing Linux SO_PASSCRED for Unix
sockets, which currently allow you to authenticate the uid/gid/pid of a
local peer process with which you are communicating. But now extended to
other security information such as an SELinux security context, and for
non-local processes, protected and authenticated via IPsec.

- James
--
James Morris