I finally got a chance to cobble together some tests to verify both
getpeercon() on the client end of a connected UNIX domain socket as well
as the proper operation of fsetxattr() on sockets. I'm happy to report
that everything worked as I expected it to (UNIX sockets now behave like
INET sockets) and nothing exploded. This latest version of the patchset
should include all the feedback I've received so far as well as my
sign-off on each patch so I think we should be in good shape at this
point. As a result, I'm submitting these patches for whatever kernel
release looks most appropriate - maybe to late for .35, but you might
be able to make a weak argument that some of the patches are
bugfixes - regardless, I'll let you guys make that call; as long as
they go somewhere I'll be happy.
For those of you using git, you can also find a copy of the patches at
the URL below.
* git://git.infradead.org/users/pcmoore/lblnet-2.6_testing
Thanks.
---
Paul Moore (6):
selinux: Update socket's label alongside inode's label
selinux: Set the peer label correctly on connected UNIX domain sockets
selinux: Consolidate sockcreate_sid logic
selinux: Shuffle the sk_security_struct alloc and free routines
selinux: Convert socket related access controls to use socket labels
selinux: Use current_security() when possible
security/selinux/hooks.c | 286 +++++++++++++++++------------------
security/selinux/include/netlabel.h | 5 -
security/selinux/netlabel.c | 8 +
3 files changed, 144 insertions(+), 155 deletions(-)
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
