IBM 10 SP1 EAL4 Server User Manual

Open as PDF

of 246

Similarly, for UNIX domain sockets, bind() invokes unix_bind(). unix_bind() creates an entry in

the regular ext3 file system space. This process of creating an entry for a socket in the regular file system

space has to undergo all file system access control restrictions. The socket exists in the regular ext3 file

system space, and honors DAC policies of the ext3 file system. bind() may perform additional access

control checks by calling the security_socket_bind() LSM hook, but the SLES kernel does not use

this LSM hook. bind() does not create any data objects that are accessible to users, so there are no object

reuse issues to handle.

5.4.5.3 listen()

listen() indicates a willingness to accept incoming connections on a particular socket. A queue limit for

the number of incoming connections is specified with listen(). Other than checking the queue limit,

listen() does not perform DAC. It may perform additional access control checks by calling the

security_socket_listen() LSM hook but the SLES kernel does not use this hook. listen()

does not create any data objects that are accessible to users, so there are no object reuse issues to handle.

Only TCP sockets support the listen() system call.

5.4.5.4 accept()

accept() accepts a connection on a socket. accept() does not perform any access control. accept()

does not create any data objects that are accessible to users and therefore there are no object reuse issues to

handle. Only TCP sockets support accept() system call.

5.4.5.5 connect()

connect() initiates a connection on a socket. The socket must be listening for connections; otherwise, the

system call returns an error. Depending upon the type of the socket (stream for TCP or datagram for UDP),

connect() invokes the appropriate domain type specific connection function. connect() does not

perform DAC. It may perform additional access control checks by calling the

security_socket_connect() LSM hook, but the SLES kernel does not use this hook. connect()

does not create any data objects that are accessible to users, so there are no object reuse issues to handle.

Figure 5-21: bind() function for UNIX domain TCP socket

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

IBM 10 SP1 EAL4 Server User Manual