kevin/linux
1
Fork 0
Code
050d032b25
linux/security/selinux
History
Paul Moore 050d032b25 selinux: ensure that the cached NetLabel secattr matches the desired SID 
In selinux_netlbl_skbuff_setsid() we leverage a cached NetLabel
secattr whenever possible.  However, we never check to ensure that
the desired SID matches the cached NetLabel secattr.  This patch
checks the SID against the secattr before use and only uses the
cached secattr when the SID values match.

Signed-off-by: Paul Moore <pmoore@redhat.com>
2013-12-04 16:08:17 -05:00
..
include SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
ss SELinux: security_load_policy: Silence frame-larger-than warning 2013-11-19 17:35:18 -05:00
.gitignore
avc.c selinux: remove 'flags' parameter from avc_audit() 2013-10-04 14:13:25 -07:00
exports.c
hooks.c selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute() 2013-12-04 16:07:28 -05:00
Kconfig
Makefile
netif.c net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
netlabel.c selinux: ensure that the cached NetLabel secattr matches the desired SID 2013-12-04 16:08:17 -05:00
netlink.c selinux: replace obsolete NLMSG_* with type safe nlmsg_* 2013-03-28 14:25:49 -04:00
netnode.c selinux: fix problems in netnode when BUG() is compiled out 2013-07-25 13:03:27 -04:00
netport.c SELinux: avc: remove the useless fields in avc_add_callback 2012-04-09 12:23:44 -04:00
nlmsgtab.c bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB 2012-12-15 17:14:38 -08:00
selinuxfs.c Add SELinux policy capability for always checking packet and peer classes. 2013-07-25 13:03:38 -04:00
xfrm.c selinux: fix possible memory leak 2013-11-25 17:00:33 -05:00