selinux: Set socket NetLabel based on connection endpoint
Previous work enabled the use of address based NetLabel selectors, which while highly useful, brought the potential for additional per-packet overhead when used. This patch attempts to solve that by applying NetLabel socket labels when sockets are connect()'d. This should alleviate the per-packet NetLabel labeling for all connected sockets (yes, it even works for connected DGRAM sockets).

Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
- include/net/cipso_ipv4.h: 5 additions, 0 deletions
- include/net/netlabel.h: 13 additions, 0 deletions
- net/ipv4/cipso_ipv4.c: 74 additions, 0 deletions
- net/netlabel/netlabel_kapi.c: 77 additions, 1 deletion
- security/selinux/hooks.c: 6 additions, 5 deletions
- security/selinux/include/netlabel.h: 16 additions, 3 deletions
- security/selinux/include/objsec.h: 1 addition, 0 deletions
- security/selinux/netlabel.c: 119 additions, 28 deletions