The SELinux labeled IPsec has languished for a few years without any
housekeeping, this patchset attempts to tidy up the code and sweep
away the dust bunnies hiding in the corners.
Most of the patchset is fairly trivial with the exception of the first
patch (1/8) which has some substance to it but doesn't actually affect
the behavior of the labeled IPsec code, it just makes it more sensible.
---
Paul Moore (8):
lsm: split the xfrm_state_alloc_security() hook implementation
selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code
selinux: cleanup selinux_xfrm_policy_lookup() and selinux_xfrm_state_pol_flow_match()
selinux: cleanup selinux_xfrm_sock_rcv_skb() and selinux_xfrm_postroute_last()
selinux: cleanup some comment and whitespace issues in the XFRM code
selinux: cleanup selinux_xfrm_decode_session()
selinux: cleanup the XFRM header
selinux: remove the BUG_ON() from selinux_skb_xfrm_sid()
include/linux/security.h | 26 ++
security/capability.c | 15 +
security/security.c | 13 -
security/selinux/hooks.c | 11 +
security/selinux/include/xfrm.h | 45 ++--
security/selinux/xfrm.c | 453 +++++++++++++++++----------------------
6 files changed, 262 insertions(+), 301 deletions(-)
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
