summaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorHarry Ciao <qingtao.cao@windriver.com>2011-03-02 06:32:33 +0100
committerEric Paris <eparis@redhat.com>2011-03-03 21:19:43 +0100
commit6f5317e730505d5cbc851c435a2dfe3d5a21d343 (patch)
tree02088cf519a00db5c6fbdb2cc8776402413eb662 /security/selinux/hooks.c
parentSELinux: Auto-generate security_is_socket_class (diff)
downloadlinux-6f5317e730505d5cbc851c435a2dfe3d5a21d343.tar.xz
linux-6f5317e730505d5cbc851c435a2dfe3d5a21d343.zip
SELinux: Socket retains creator role and MLS attribute
The socket SID would be computed on creation and no longer inherit its creator's SID by default. Socket may have a different type but needs to retain the creator's role and MLS attribute in order not to break labeled networking and network access control. The kernel value for a class would be used to determine if the class if one of socket classes. If security_compute_sid is called from userspace the policy value for a class would be mapped to the relevant kernel value first. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions