linux-hardened/security
Venkat Yekkirala 4237c75c0a [MLSXFRM]: Auto-labeling of child sockets
This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.

This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 14:53:29 -07:00
..
keys [PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller 2006-06-29 10:26:20 -07:00
selinux [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
capability.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
commoncap.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
dummy.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
inode.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
Kconfig [PATCH] keys: restrict contents of /proc/keys to Viewable keys 2006-06-26 09:58:18 -07:00
Makefile [PATCH] add securityfs for all LSMs to use 2005-07-08 18:48:41 -07:00
root_plug.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
seclvl.c [CRYPTO] users: Use crypto_hash interface instead of crypto_digest 2006-09-21 11:46:21 +10:00
security.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00