git.baikalelectronics.ru Git - kernel.git/commit

author	Venkat Yekkirala <vyekkirala@TrustedCS.com>
	Tue, 25 Jul 2006 06:32:50 +0000 (23:32 -0700)
committer	David S. Miller <davem@sunset.davemloft.net>
	Fri, 22 Sep 2006 21:53:29 +0000 (14:53 -0700)
commit	fd649fbf67aa10963fb87a2a427c418cb8fd2614
tree	02adcb6fe6c346a8b99cf161ba5233ed1e572727	tree \| snapshot
parent	2c81e5cce68c06be0b8c611c5e3a63042b8fa5a0	commit \| diff

[MLSXFRM]: Auto-labeling of child sockets

This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.

This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/security.h		diff \| blob \| history
include/net/request_sock.h		diff \| blob \| history
include/net/sock.h		diff \| blob \| history
net/dccp/ipv4.c		diff \| blob \| history
net/dccp/ipv6.c		diff \| blob \| history
net/ipv4/inet_connection_sock.c		diff \| blob \| history
net/ipv4/syncookies.c		diff \| blob \| history
net/ipv4/tcp_ipv4.c		diff \| blob \| history
net/ipv6/tcp_ipv6.c		diff \| blob \| history
security/dummy.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history
security/selinux/xfrm.c		diff \| blob \| history