git.baikalelectronics.ru Git - kernel.git/commit

author	Harry Ciao <qingtao.cao@windriver.com>
	Wed, 2 Mar 2011 05:32:33 +0000 (13:32 +0800)
committer	Eric Paris <eparis@redhat.com>
	Thu, 3 Mar 2011 20:19:43 +0000 (15:19 -0500)
commit	27422978be9c5259aca1929af496fd3002c9417e
tree	02088cf519a00db5c6fbdb2cc8776402413eb662	tree \| snapshot
parent	f3052d3b427e0db6c01107e7f719af2991fcb86d	commit \| diff

SELinux: Socket retains creator role and MLS attribute

The socket SID would be computed on creation and no longer inherit
its creator's SID by default. Socket may have a different type but
needs to retain the creator's role and MLS attribute in order not
to break labeled networking and network access control.

The kernel value for a class would be used to determine if the class
if one of socket classes. If security_compute_sid is called from
userspace the policy value for a class would be mapped to the relevant
kernel value first.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

security/selinux/ss/mls.c		diff \| blob \| history
security/selinux/ss/mls.h		diff \| blob \| history
security/selinux/ss/services.c		diff \| blob \| history