diff options
author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-24 23:32:50 -0700 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 14:53:29 -0700 |
commit | 4237c75c0a35535d7f9f2bfeeb4b4df1e068a0bf (patch) | |
tree | 02adcb6fe6c346a8b99cf161ba5233ed1e572727 /include/net | |
parent | cb969f072b6d67770b559617f14e767f47e77ece (diff) |
[MLSXFRM]: Auto-labeling of child sockets
This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.
This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/request_sock.h | 1 | ||||
-rw-r--r-- | include/net/sock.h | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/include/net/request_sock.h b/include/net/request_sock.h index c5d7f920c35..8e165ca16bd 100644 --- a/include/net/request_sock.h +++ b/include/net/request_sock.h @@ -53,6 +53,7 @@ struct request_sock { unsigned long expires; struct request_sock_ops *rsk_ops; struct sock *sk; + u32 secid; }; static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops) diff --git a/include/net/sock.h b/include/net/sock.h index 91cdceb3c02..337ebec84c7 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -969,6 +969,7 @@ static inline void sock_graft(struct sock *sk, struct socket *parent) sk->sk_sleep = &parent->wait; parent->sk = sk; sk->sk_socket = parent; + security_sock_graft(sk, parent); write_unlock_bh(&sk->sk_callback_lock); } |