summaryrefslogtreecommitdiffstats
path: root/security/smack/smack.h
diff options
context:
space:
mode:
authorCasey Schaufler <casey@schaufler-ca.com>2013-05-23 03:42:56 +0200
committerCasey Schaufler <casey@schaufler-ca.com>2013-05-28 19:08:26 +0200
commitc673944347edfd4362b10eea11ac384a582b1cf5 (patch)
treeb1495c8af7910a697e4b6c6e13790911f02b8291 /security/smack/smack.h
parentsecurity: clarify cap_inode_getsecctx description (diff)
downloadlinux-c673944347edfd4362b10eea11ac384a582b1cf5.tar.xz
linux-c673944347edfd4362b10eea11ac384a582b1cf5.zip
Smack: Local IPv6 port based controls
Smack does not provide access controls on IPv6 communications. This patch introduces a mechanism for maintaining Smack lables for local IPv6 communications. It is based on labeling local ports. The behavior should be compatible with any future "real" IPv6 support as it provides no interfaces for users to manipulate the labeling. Remote IPv6 connections use the ambient label the same way that unlabeled IPv4 packets are treated. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r--security/smack/smack.h11
1 files changed, 11 insertions, 0 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 8ad30955e15d..bb28e099abfe 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -94,6 +94,17 @@ struct smk_netlbladdr {
};
/*
+ * An entry in the table identifying ports.
+ */
+struct smk_port_label {
+ struct list_head list;
+ struct sock *smk_sock; /* socket initialized on */
+ unsigned short smk_port; /* the port number */
+ char *smk_in; /* incoming label */
+ char *smk_out; /* outgoing label */
+};
+
+/*
* This is the repository for labels seen so that it is
* not necessary to keep allocating tiny chuncks of memory
* and so that they can be shared.