git.baikalelectronics.ru Git - kernel.git/commit

author	James Morris <jmorris@namei.org>
	Tue, 14 Nov 2006 00:09:01 +0000 (16:09 -0800)
committer	David S. Miller <davem@sunset.davemloft.net>
	Sun, 3 Dec 2006 05:22:24 +0000 (21:22 -0800)
commit	66c91235f5c559e6188bb34e131d650c74f09927
tree	bdf7c64514a5063ba4ef41915f9efb6f803fc38a	tree \| snapshot
parent	9e35f9cbe04b5df063f9640fec034158af4169a9	commit \| diff

[SELinux]: Add support for DCCP

This patch implements SELinux kernel support for DCCP
(http://linux-net.osdl.org/index.php/DCCP), which is similar in
operation to TCP in terms of connected state between peers.

The SELinux support for DCCP is thus modeled on existing handling of
TCP.

A new DCCP socket class is introduced, to allow protocol
differentation. The permissions for this class inherit all of the
socket permissions, as well as the current TCP permissions (node_bind,
name_bind etc). IPv4 and IPv6 are supported, although labeled
networking is not, at this stage.

Patches for SELinux userspace are at:
http://people.redhat.com/jmorris/selinux/dccp/user/

I've performed some basic testing, and it seems to be working as
expected. Adding policy support is similar to TCP, the only real
difference being that it's a different protocol.

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

security/selinux/hooks.c		diff \| blob \| history
security/selinux/include/av_inherit.h		diff \| blob \| history
security/selinux/include/av_perm_to_string.h		diff \| blob \| history
security/selinux/include/av_permissions.h		diff \| blob \| history
security/selinux/include/class_to_string.h		diff \| blob \| history
security/selinux/include/flask.h		diff \| blob \| history