author | Casey Schaufler <casey@schaufler-ca.com> | 2013-05-23 03:42:56 +0200 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2013-05-28 19:08:26 +0200 |
commit | c673944347edfd4362b10eea11ac384a582b1cf5 (patch) | |
tree | b1495c8af7910a697e4b6c6e13790911f02b8291 /security/smack/smack.h | |
parent | security: clarify cap_inode_getsecctx description (diff) | |
Smack: Local IPv6 port based controls
Smack does not provide access controls on IPv6 communications.
This patch introduces a mechanism for maintaining Smack labels
for local IPv6 communications. It is based on labeling local ports.
The behavior should be compatible with any future "real" IPv6
support as it provides no interfaces for users to manipulate
the labeling. Remote IPv6 connections use the ambient label
the same way that unlabeled IPv4 packets are treated.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r-- | security/smack/smack.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 8ad30955e15d..bb28e099abfe 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -94,6 +94,17 @@ struct smk_netlbladdr { }; /* + * An entry in the table identifying ports. + */ +struct smk_port_label { + struct list_head list; + struct sock *smk_sock; /* socket initialized on */ + unsigned short smk_port; /* the port number */ + char *smk_in; /* incoming label */ + char *smk_out; /* outgoing label */ +}; + +/* * This is the repository for labels seen so that it is * not necessary to keep allocating tiny chuncks of memory * and so that they can be shared. |
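Review bot: In struct smk_port_label, smk_sock stores a bare struct sock * and the comment ("socket initialized on") does not say whether the entry holds a reference on the socket or how the entry is removed when the socket is released. This diff is limited to smack.h, so the lifetime rule cannot be checked from here; please document it next to the field, since a stale pointer in a table consulted for access decisions is the case to rule out. The block comment above the struct should also name the lock that protects the list, and smk_port should state its byte order (or be declared __be16 if it holds the network-order value) so that lookups compare like with like. For smk_in and smk_out, a note on whether they point to shared label storage or to memory owned by this entry would make the free path easier to review.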