Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next

author: James Morris <james.l.morris@oracle.com> 2014-07-19 03:39:19 -0400
committer: James Morris <james.l.morris@oracle.com> 2014-07-19 03:39:19 -0400
commit: 2ccf4661f315615d018686d91d030a94001d0cc6 (patch)
tree: f5374b5233ba5c43a4710bc8cbc5319091da044e /security/selinux/hooks.c
parent: 32c2e6752ff0f48fe03b9e1c7c64bde580a840d2 (diff)
parent: 615e51fdda6f274e94b1e905fcaf6111e0d9aa20 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a1ac1c5c729b..7740f61588d6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -161,6 +161,17 @@ static int selinux_peerlbl_enabled(void)
        return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
 }
+static int selinux_netcache_avc_callback(u32 event)
+{
+        if (event == AVC_CALLBACK_RESET) {
+                sel_netif_flush();
+                sel_netnode_flush();
+                sel_netport_flush();
+                synchronize_net();
+        }
+        return 0;
+}
 /*
 * initialise the security for the init task
 */
@@ -6002,6 +6013,9 @@ static __init int selinux_init(void)
        if (register_security(&selinux_ops))
                panic("SELinux: Unable to register with kernel.\n");
+        if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
+                panic("SELinux: Unable to register AVC netcache callback\n");
        if (selinux_enforcing)
                printk(KERN_DEBUG "SELinux:  Starting in enforcing mode\n");
        else
author	James Morris <james.l.morris@oracle.com>	2014-07-19 03:39:19 -0400
committer	James Morris <james.l.morris@oracle.com>	2014-07-19 03:39:19 -0400
commit	2ccf4661f315615d018686d91d030a94001d0cc6 (patch)
tree	f5374b5233ba5c43a4710bc8cbc5319091da044e /security/selinux/hooks.c
parent	32c2e6752ff0f48fe03b9e1c7c64bde580a840d2 (diff)
parent	615e51fdda6f274e94b1e905fcaf6111e0d9aa20 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a1ac1c5c729b..7740f61588d6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -161,6 +161,17 @@ static int selinux_peerlbl_enabled(void)
161	return (selinux_policycap_alwaysnetwork \|\| netlbl_enabled() \|\| selinux_xfrm_enabled());	161	return (selinux_policycap_alwaysnetwork \|\| netlbl_enabled() \|\| selinux_xfrm_enabled());
162	}	162	}
163		163
		164	static int selinux_netcache_avc_callback(u32 event)
		165	{
		166	if (event == AVC_CALLBACK_RESET) {
		167	sel_netif_flush();
		168	sel_netnode_flush();
		169	sel_netport_flush();
		170	synchronize_net();
		171	}
		172	return 0;
		173	}
		174
164	/*	175	/*
165	* initialise the security for the init task	176	* initialise the security for the init task
166	*/	177	*/
@@ -6002,6 +6013,9 @@ static __init int selinux_init(void)
6002	if (register_security(&selinux_ops))	6013	if (register_security(&selinux_ops))
6003	panic("SELinux: Unable to register with kernel.\n");	6014	panic("SELinux: Unable to register with kernel.\n");
6004		6015
		6016	if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
		6017	panic("SELinux: Unable to register AVC netcache callback\n");
		6018
6005	if (selinux_enforcing)	6019	if (selinux_enforcing)
6006	printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");	6020	printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
6007	else	6021	else