[MLSXFRM]: Auto-labeling of child sockets

This automatically labels the TCP, Unix stream, and dccp child sockets as well as openreqs to be at the same MLS level as the peer. This will result in the selection of appropriately labeled IPSec Security Associations. This also uses the sock's sid (as opposed to the isec sid) in SELinux enforcement of secmark in rcv_skb and postroute_last hooks. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Venkat Yekkirala <vyekkirala@TrustedCS.com> 2006-07-25 02:32:50 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:53:29 -0400
commit: 4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf (patch)
tree: 02adcb6fe6c346a8b99cf161ba5233ed1e572727 /security/selinux/xfrm.c
parent: cb969f072b6d67770b559617f14e767f47e77ece (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index d3690f985135..3e742b850af6 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -271,7 +271,6 @@ not_from_user:
                goto out;
        }
        ctx->ctx_doi = XFRM_SC_DOI_LSM;
        ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
        ctx->ctx_sid = ctx_sid;
author	Venkat Yekkirala <vyekkirala@TrustedCS.com>	2006-07-25 02:32:50 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:53:29 -0400
commit	4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf (patch)
tree	02adcb6fe6c346a8b99cf161ba5233ed1e572727 /security/selinux/xfrm.c
parent	cb969f072b6d67770b559617f14e767f47e77ece (diff)

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index d3690f985135..3e742b850af6 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c
@@ -271,7 +271,6 @@ not_from_user:
271	goto out;	271	goto out;
272	}	272	}
273		273
274
275	ctx->ctx_doi = XFRM_SC_DOI_LSM;	274	ctx->ctx_doi = XFRM_SC_DOI_LSM;
276	ctx->ctx_alg = XFRM_SC_ALG_SELINUX;	275	ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
277	ctx->ctx_sid = ctx_sid;	276	ctx->ctx_sid = ctx_sid;