bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-07-01 23:53:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

selinux: Set socket NetLabel based on connection endpoint

Browse source 
Previous work enabled the use of address based NetLabel selectors, which while
highly useful, brought the potential for additional per-packet overhead when
used.  This patch attempts to solve that by applying NetLabel socket labels
when sockets are connect()'d.  This should alleviate the per-packet NetLabel
labeling for all connected sockets (yes, it even works for connected DGRAM
sockets).

Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
This commit is contained in:
Paul Moore 2008-10-10 10:16:33 -04:00
parent 948bf85c1b
commit 014ab19a69
8 changed files with 311 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

1
security/selinux/include/objsec.h
View file

@ -118,6 +118,7 @@ struct sk_security_struct {
NLBL_REQUIRE,
NLBL_LABELED,
NLBL_REQSKB,
NLBL_CONNLABELED,
} nlbl_state;
#endif
};