Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: security: compile capabilities by default selinux: make selinux_set_mnt_opts() static SELinux: Add warning messages on network denial due to error SELinux: Add network ingress and egress control permission checks NetLabel: Add auditing to the static labeling mechanism NetLabel: Introduce static network labels for unlabeled connections SELinux: Allow NetLabel to directly cache SIDs SELinux: Enable dynamic enable/disable of the network access checks SELinux: Better integration between peer labeling subsystems SELinux: Add a new peer class and permissions to the Flask definitions SELinux: Add a capabilities bitmap to SELinux policy version 22 SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions SELinux: Only store the network interface's ifindex SELinux: Convert the netif code to use ifindex values NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function NetLabel: Add secid token support to the NetLabel secattr struct NetLabel: Consolidate the LSM domain mapping/hashing locks NetLabel: Cleanup the LSM domain hash functions NetLabel: Remove unneeded RCU read locks
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-01-30 17:32:24 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-01-30 17:32:24 -0500
commit: 44c3b59102e3ecc7a01e9811862633e670595e51 (patch)
tree: 5bf397b2b4bd8fc08c59ad5f9f9c83874259da48 /security/selinux/avc.c
parent: 3b470ac43fcd9848fa65e58e54875ad75be61cec (diff)
parent: f71ea9ddf0ff110f3fcbb89a46686bfba264014c (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 81b3dff3cbf0..e8529e2f51e5 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -661,9 +661,18 @@ void avc_audit(u32 ssid, u32 tsid,
                                                    "daddr", "dest");
                                break;
                        }
-                        if (a->u.net.netif)
+                        if (a->u.net.netif > 0) {
-                                audit_log_format(ab, " netif=%s",
+                                struct net_device *dev;
-                                        a->u.net.netif);
+                                /* NOTE: we always use init's namespace */
+                                dev = dev_get_by_index(&init_net,
+                                                       a->u.net.netif);
+                                if (dev) {
+                                        audit_log_format(ab, " netif=%s",
+                                                         dev->name);
+                                        dev_put(dev);
+                                }
+                        }
                        break;
                }
        }
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-01-30 17:32:24 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-01-30 17:32:24 -0500
commit	44c3b59102e3ecc7a01e9811862633e670595e51 (patch)
tree	5bf397b2b4bd8fc08c59ad5f9f9c83874259da48 /security/selinux/avc.c
parent	3b470ac43fcd9848fa65e58e54875ad75be61cec (diff)
parent	f71ea9ddf0ff110f3fcbb89a46686bfba264014c (diff)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 81b3dff3cbf0..e8529e2f51e5 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c
@@ -661,9 +661,18 @@ void avc_audit(u32 ssid, u32 tsid,
661	"daddr", "dest");	661	"daddr", "dest");
662	break;	662	break;
663	}	663	}
664	if (a->u.net.netif)	664	if (a->u.net.netif > 0) {
665	audit_log_format(ab, " netif=%s",	665	struct net_device *dev;
666	a->u.net.netif);	666
		667	/* NOTE: we always use init's namespace */
		668	dev = dev_get_by_index(&init_net,
		669	a->u.net.netif);
		670	if (dev) {
		671	audit_log_format(ab, " netif=%s",
		672	dev->name);
		673	dev_put(dev);
		674	}
		675	}
667	break;	676	break;
668	}	677	}
669	}	678	}