Closed pcmoore closed 7 years ago
Sorry, what does this mean?
My apologies, those title changes sure made a mess of the history for little benefit.
Anyway, I believe the original intent of this request was to support a common method of requesting network peer label information across TCP/UDP. I haven't looked into this at all, but it seemed like a reasonable request so I wanted to carry it over from the wiki todo list. If someone wants to look at it and rule it out as a silly request, that's fine by me.
We have SO_PEERSEC for TCP/stream, and IP_PASSSEC / SCM_SECURITY for UDP/datagram. IMHO, that's correct. No need to support anything more. The only request we've ever had for SCM_SECURITY support on stream was for Unix/local sockets, and that was from systemd, and they ultimately realized that they didn't need/want it after all - they switched to using SO_PEERSEC. We did end up adding support for SCM_SECURITY for Unix/local stream sockets, because it was trivial to support, but I don't really see the point for TCP and I'm not sure it is trivial there.
Fair enough.
Support SOL_IP/IP_PASSSEC and SOL_SOCKET/SO_PASSSEC for both datagram and stream sockets.
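The datagram side of the split described in this thread (`SO_PEERSEC` is a one-shot `getsockopt()` on a connected stream socket, while `IP_PASSSEC` delivers a label per message as an `SCM_SECURITY` control message), as an added example that is not part of the original discussion or of any project's code. The helper names `enable_passsec`, `label_from_cmsg` and `demo_parse` are hypothetical, and the control buffer in `demo_parse` is constructed so the parser can be exercised without an LSM.

```c
#define _GNU_SOURCE
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#ifndef SCM_SECURITY
#define SCM_SECURITY 0x03 /* value from linux/socket.h; some libcs omit it */
#endif

/* Ask the kernel to attach the sender's label to each received datagram. */
int enable_passsec(int fd)
{
    int on = 1;
    return setsockopt(fd, SOL_IP, IP_PASSSEC, &on, sizeof on);
}

/* Copy the label out of a msghdr filled by recvmsg(). Accepts level SOL_IP
 * (UDP with IP_PASSSEC) or SOL_SOCKET (Unix sockets with SO_PASSSEC). */
ssize_t label_from_cmsg(struct msghdr *msg, char *buf, size_t cap)
{
    if (msg->msg_flags & MSG_CTRUNC)
        return -1; /* control data was cut short: reject a partial label */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_type != SCM_SECURITY ||
            (c->cmsg_level != SOL_IP && c->cmsg_level != SOL_SOCKET))
            continue;
        size_t n = c->cmsg_len - CMSG_LEN(0);
        if (n >= cap)
            return -1; /* refuse to truncate a label */
        memcpy(buf, CMSG_DATA(c), n);
        buf[n] = '\0'; /* terminate whether or not the payload carried a NUL */
        return (ssize_t)strlen(buf);
    }
    return -1; /* no label on this datagram */
}

/* Constructed sample: a control buffer shaped like the one recvmsg() fills. */
ssize_t demo_parse(int level, const char *label, char *out, size_t cap)
{
    union { char b[CMSG_SPACE(128)]; struct cmsghdr align; } ctl;
    size_t n = strlen(label) + 1; /* label must be shorter than 128 bytes */
    struct msghdr msg = { .msg_control = ctl.b, .msg_controllen = CMSG_SPACE(n) };
    memset(&ctl, 0, sizeof ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = level;
    c->cmsg_type = SCM_SECURITY;
    c->cmsg_len = CMSG_LEN(n);
    memcpy(CMSG_DATA(c), label, n);
    return label_from_cmsg(&msg, out, cap);
}
```

A receiver that makes access decisions on the label should treat a `-1` return as "unlabeled" and deny, rather than falling back to a default context.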