1
linux/security
Steffen Klassert 4a7ab3dcad selinux: Fix packet forwarding checks on postrouting
The IPSKB_FORWARDED and IP6SKB_FORWARDED flags are used only in the
multicast forwarding case to indicate that a packet looped back after
forward. So these flags are not a good indicator for packet forwarding.
A better indicator is the incoming interface. If we have no socket context,
but an incoming interface and we see the packet in the ip postroute hook,
the packet is going to be forwarded.

With this patch we use the incoming interface as an indicator on packet
forwarding.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2011-02-25 15:00:51 -05:00
..
apparmor APPARMOR: Fix memory leak of apparmor_init() 2010-11-11 07:36:22 +11:00
integrity/ima ima: fix add LSM rule bug 2011-01-03 16:36:33 -08:00
keys Merge branch 'master' into next 2011-01-10 09:46:24 +11:00
selinux selinux: Fix packet forwarding checks on postrouting 2011-02-25 15:00:51 -05:00
smack fs/vfs/security: pass last path component to LSM on inode creation 2011-02-01 11:12:29 -05:00
tomoyo fs: dcache scale d_unhashed 2011-01-07 17:50:21 +11:00
capability.c security: remove unused security_sysctl hook 2011-02-01 11:54:02 -05:00
commoncap.c capabilities/syslog: open code cap_syslog logic to fix build failure 2010-11-15 15:40:01 -08:00
device_cgroup.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
inode.c convert get_sb_single() users 2010-10-29 04:16:28 -04:00
Kconfig keys: add new key-type encrypted 2010-11-29 08:55:29 +11:00
lsm_audit.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
Makefile AppArmor: Enable configuring and building of the AppArmor security module 2010-08-02 15:38:34 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c security: remove unused security_sysctl hook 2011-02-01 11:54:02 -05:00