kernel_optimize_test/include
Venkat Yekkirala 67f83cbf08 SELinux: Fix SA selection semantics
Fix the selection of an SA for an outgoing packet to be at the same
context as the originating socket/flow. This eliminates the SELinux
policy's ability to use/sendto SAs with contexts other than the socket's.

With this patch applied, the SELinux policy will require one or more of the
following for a socket to be able to communicate with/without SAs:

1. To enable a socket to communicate without using labeled-IPSec SAs:

allow socket_t unlabeled_t:association { sendto recvfrom }

2. To enable a socket to communicate with labeled-IPSec SAs:

allow socket_t self:association { sendto };
allow socket_t peer_sa_t:association { recvfrom };

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02 21:21:34 -08:00
..
acpi ACPI: Change ACPI to use dev_archdata instead of firmware_data 2006-12-01 14:52:01 -08:00
asm-alpha Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-arm Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-arm26 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-avr32 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-cris Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-frv Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-generic Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-h8300 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-i386 ACPI: Change ACPI to use dev_archdata instead of firmware_data 2006-12-01 14:52:01 -08:00
asm-ia64 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-12-01 16:41:27 -08:00
asm-m32r Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-m68k Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-m68knommu Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6 2006-12-01 16:41:07 -08:00
asm-mips Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2006-12-01 16:44:02 -08:00
asm-parisc Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6 2006-12-01 16:41:07 -08:00
asm-powerpc Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-12-01 16:41:27 -08:00
asm-ppc Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-s390 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sh Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sh64 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sparc Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sparc64 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-12-01 16:41:27 -08:00
asm-um Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-v850 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-x86_64 ACPI: Change ACPI to use dev_archdata instead of firmware_data 2006-12-01 14:52:01 -08:00
asm-xtensa Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
crypto
keys
linux SELinux: Fix SA selection semantics 2006-12-02 21:21:34 -08:00
math-emu
media V4L/DVB (4666): Ensure the WM8775 driver is loaded generically for any board. 2006-10-03 15:13:48 -03:00
mtd Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-10-01 17:55:53 +01:00
net SELinux: Return correct context for SO_PEERSEC 2006-12-02 21:21:33 -08:00
pcmcia
rdma IB/cm: Fix automatic path migration support 2006-11-29 15:33:10 -08:00
rxrpc
scsi [PATCH] add missing libsas include to fix s390 compilation. 2006-11-28 17:26:50 -08:00
sound Driver core: convert sound core to use struct device 2006-12-01 14:52:01 -08:00
video fix file specification in comments 2006-10-03 23:01:26 +02:00
Kbuild