forge/linux-pinenote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[MLSXFRM]: Auto-labeling of child sockets

Browse source 
This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.

This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Venkat Yekkirala 2006-07-24 23:32:50 -07:00 committed by David S. Miller
commit 4237c75c0a
12 changed files with 197 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/net/sock.h
View file

@ -969,6 +969,7 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
sk->sk_sleep = &parent->wait;
parent->sk = sk;
sk->sk_socket = parent;
security_sock_graft(sk, parent);
write_unlock_bh(&sk->sk_callback_lock);
}