On Tue, 2 Sep 2008, Paul Moore wrote: > Previous work enabled the use of address based NetLabel selectors, which while > highly useful, brought the potential for additional per-packet overhead when > used. This patch attempts to solve that by applying NetLabel socket labels > when sockets are connect()'d. This should alleviate the per-packet NetLabel > labeling for all connected sockets (yes, it even works for connected DGRAM > sockets). > > Signed-off-by: Paul Moore <paul.moore@xxxxxx> > --- > > include/net/cipso_ipv4.h | 5 ++ > include/net/netlabel.h | 13 ++++++ > net/ipv4/cipso_ipv4.c | 47 +++++++++++++++++++++ > net/netlabel/netlabel_kapi.c | 77 +++++++++++++++++++++++++++++++++++ > security/selinux/hooks.c | 4 +- > security/selinux/include/netlabel.h | 8 ++++ > security/selinux/include/objsec.h | 3 + > security/selinux/netlabel.c | 48 +++++++++++++++++++++- > 8 files changed, 201 insertions(+), 4 deletions(-) Acked-by: James Morris <jmorris@xxxxxxxxx> -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
