kernel_optimize_test

History

Paul Moore 446b802437 selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute() In selinux_ip_postroute() we perform access checks based on the packet's security label. For locally generated traffic we get the packet's security label from the associated socket; this works in all cases except for TCP SYN-ACK packets. In the case of SYN-ACK packet's the correct security label is stored in the connection's request_sock, not the server's socket. Unfortunately, at the point in time when selinux_ip_postroute() is called we can't query the request_sock directly, we need to recreate the label using the same logic that originally labeled the associated request_sock. See the inline comments for more explanation. Reported-by: Janak Desai <Janak.Desai@gtri.gatech.edu> Tested-by: Janak Desai <Janak.Desai@gtri.gatech.edu> Cc: stable@vger.kernel.org Signed-off-by: Paul Moore <pmoore@redhat.com>		2013-12-12 17:21:31 -05:00
..
apparmor	apparmor: fix bad lock balance when introspecting policy	2013-10-16 11:54:01 +11:00
integrity	xattr: Constify ->name member of "struct xattr".	2013-07-25 19:30:03 +10:00
keys	aio: don't include aio.h in sched.h	2013-05-07 20:16:25 -07:00
selinux	selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()	2013-12-12 17:21:31 -05:00
smack	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2013-09-07 14:34:07 -07:00
tomoyo	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2013-05-01 17:51:54 -07:00
yama
capability.c	Linux 3.12	2013-11-26 17:32:55 -05:00
commoncap.c	capabilities: allow nice if we are privileged	2013-08-30 23:44:09 -07:00
device_cgroup.c	cgroup: make css_for_each_descendant() and friends include the origin css in the iteration	2013-08-08 20:11:27 -04:00
inode.c
Kconfig
lsm_audit.c
Makefile
min_addr.c
security.c	Linux 3.12	2013-11-26 17:32:55 -05:00