Hello all,

This patchset grew out of the SELinux UNIX domain socket patch that I kicked around on this list several weeks ago that fixed a problem where we weren't always setting a UNIX socket's peer label correctly. This patchset still includes this fix but it also includes a number of other improvements.

I'm posting these patches as an RFC for two main reasons: I haven't had a chance to give them the testing I want (they boot and there are no obvious regressions in light usage) and they are based off Linus' tree and not security-testing (I will fix that before submission). However, if you want to give the patches a shot or even just review them, I would appreciate any feedback you care to send along.

For those of you who like to get your patches via git, this patchset can also be found at the URL below:

 * git://git.infradead.org/users/pcmoore/lblnet-2.6_testing

---

Paul Moore (6):
      selinux: Update socket's label alongside inode's label
      selinux: Set the peer label correctly on connected UNIX domain sockets
      selinux: Consolidate sockcreate_sid logic
      selinux: Shuffle the sk_security_struct alloc and free routines
      selinux: Convert socket related access controls to use socket labels
      selinux: Use current_security() when possible

 security/selinux/hooks.c            |  282 ++++++++++++++++-------------------
 security/selinux/include/netlabel.h |    5 -
 security/selinux/netlabel.c         |    8 +
 3 files changed, 139 insertions(+), 156 deletions(-)