linux-hardened/net
Venkat Yekkirala 4237c75c0a [MLSXFRM]: Auto-labeling of child sockets
This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.

This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 14:53:29 -07:00
..
802 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
8021q [VLAN]: Fix link state propagation 2006-07-24 13:52:13 -07:00
appletalk [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
atm [ATM] CLIP: Do not refer freed skbuff in clip_mkip(). 2006-09-18 06:37:58 -07:00
ax25 [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
bluetooth [Bluetooth] Correct RFCOMM channel MTU for broken implementations 2006-07-24 12:44:25 -07:00
bridge [BRIDGE]: random extra bytes on STP TCN packet 2006-09-17 23:21:08 -07:00
core [MLSXFRM]: Flow based matching of xfrm policy and state 2006-09-22 14:53:24 -07:00
dccp [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
decnet [DECNET]: Fix for routing bug 2006-08-02 14:14:44 -07:00
econet [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
ethernet Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ieee80211 [CRYPTO] users: Use crypto_hash interface instead of crypto_digest 2006-09-21 11:46:21 +10:00
ipv4 [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
ipv6 [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
ipx [IPX]: Fix typo, ipxhdr() --> ipx_hdr() 2006-08-09 17:36:15 -07:00
irda [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
key [MLSXFRM]: Default labeling of socket specific IPSec policies 2006-09-22 14:53:28 -07:00
lapb [LAPB]: Fix windowsize check 2006-08-05 21:15:58 -07:00
llc [LLC]: multicast receive device match 2006-08-13 18:56:26 -07:00
netfilter [NETFILTER]: xt_quota: add missing module aliases 2006-09-19 13:00:57 -07:00
netlink [NETLINK]: Call panic if nl_table allocation fails 2006-08-29 21:22:18 -07:00
netrom [NETROM] lockdep: fix false positive 2006-07-12 13:59:02 -07:00
packet [PACKET]: Don't truncate non-linear skbs with mmaped IO 2006-09-17 23:59:57 -07:00
rose [ROSE] lockdep: fix false positive 2006-07-12 13:58:59 -07:00
rxrpc [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
sched [NET]: Drop tx lock in dev_watchdog_up 2006-09-18 00:22:30 -07:00
sctp [SCTP]: Use HMAC template and hash interface 2006-09-21 11:46:19 +10:00
sunrpc [CRYPTO] users: Use crypto_hash interface instead of crypto_digest 2006-09-21 11:46:21 +10:00
tipc [TIPC]: Removing useless casts 2006-07-21 15:52:20 -07:00
unix [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
wanrouter [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
x25 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
xfrm [MLSXFRM]: Default labeling of socket specific IPSec policies 2006-09-22 14:53:28 -07:00
compat.c [NETFILTER]: iptables 32bit compat layer 2006-04-01 02:25:19 -08:00
Kconfig [NET]: Mark frame diverter for future removal. 2006-09-17 23:21:14 -07:00
Makefile [TIPC] Initial merge 2006-01-12 14:06:31 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [NET]: Rate limiting for socket allocation failure messages. 2006-08-31 15:21:50 -07:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00