[Devel] Re: LSM stacking/secondary modules / RFC: Socket MAC LSM
Stephan Peijnik
stephan at peijnik.at
Thu Jan 15 09:58:08 PST 2009
On Thu, 2009-01-15 at 09:25 -0800, Paul Menage wrote:
> On Thu, Jan 15, 2009 at 5:57 AM, Stephan Peijnik <stephan at peijnik.at> wrote:
> >
> > So Paul, do you think the interface would be of any use to you?
>
> Potentially, yes. My concern was that we not add another new
> (incomplete) userspace API in cgroups for doing socket permissions -
> hooking into iptables was one way to do it, but if sactl is going to
> become the official way to do this, then hooking a cgroups filter into
> that seems like a good alternative.
Just to clarify that: sactl is my pet project and inclusion in
linux-next (or whenever) has not been discussed yet, but if enough
potential users pop up I would love try getting it included.
I rather meant to ask if this interface could be of any use to you (and
others) and whether you would want/need any modifications to it, if
there are any flaws in its design, bugs in the code, etc.
-- Stephan
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list