diff options
| author | Huw Davies | 2016-06-27 21:05:29 +0200 |
|---|---|---|
| committer | Paul Moore | 2016-06-27 21:05:29 +0200 |
| commit | e1adea927080821ebfa7505bff752a4015955660 (patch) | |
| tree | adbbbe9962bf497bdf119849a37c8bbcc1eea034 /include/net/netlabel.h | |
| parent | ipv6: Allow request socks to contain IPv6 options. (diff) | |
| download | kernel-qcow2-linux-e1adea927080821ebfa7505bff752a4015955660.tar.gz kernel-qcow2-linux-e1adea927080821ebfa7505bff752a4015955660.tar.xz kernel-qcow2-linux-e1adea927080821ebfa7505bff752a4015955660.zip | |
calipso: Allow request sockets to be relabelled by the lsm.
Request sockets need to have a label that takes into account the
incoming connection as well as their parent's label. This is used
for the outgoing SYN-ACK and for their child full-socket.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/net/netlabel.h')
| -rw-r--r-- | include/net/netlabel.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 918a6044c89c..a2408c30a7f7 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -229,6 +229,8 @@ struct netlbl_lsm_secattr { * @sock_getattr: retrieve the socket's attr * @sock_setattr: set the socket's attr * @sock_delattr: remove the socket's attr + * @req_setattr: set the req socket's attr + * @req_delattr: remove the req socket's attr * * Description: * This structure is filled out by the CALIPSO engine and passed @@ -252,6 +254,10 @@ struct netlbl_calipso_ops { const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); void (*sock_delattr)(struct sock *sk); + int (*req_setattr)(struct request_sock *req, + const struct calipso_doi *doi_def, + const struct netlbl_lsm_secattr *secattr); + void (*req_delattr)(struct request_sock *req); }; /* |