diff options
| author | Huw Davies | 2016-06-27 21:06:15 +0200 |
|---|---|---|
| committer | Paul Moore | 2016-06-27 21:06:15 +0200 |
| commit | 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 (patch) | |
| tree | cf6e68541ba82eb7c4b11a7ba563f423060d8b46 /net/netlabel/netlabel_calipso.h | |
| parent | ipv6: constify the skb pointer of ipv6_find_tlv(). (diff) | |
| download | kernel-qcow2-linux-2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3.tar.gz kernel-qcow2-linux-2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3.tar.xz kernel-qcow2-linux-2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3.zip | |
calipso: Allow the lsm to label the skbuff directly.
In some cases, the lsm needs to add the label to the skbuff directly.
A NF_INET_LOCAL_OUT IPv6 hook is added to selinux to match the IPv4
behaviour. This allows selinux to label the skbuffs that it requires.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'net/netlabel/netlabel_calipso.h')
| -rw-r--r-- | net/netlabel/netlabel_calipso.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_calipso.h b/net/netlabel/netlabel_calipso.h index 1372fdd86588..66ba92e9289f 100644 --- a/net/netlabel/netlabel_calipso.h +++ b/net/netlabel/netlabel_calipso.h @@ -137,5 +137,12 @@ int calipso_req_setattr(struct request_sock *req, const struct calipso_doi *doi_def, const struct netlbl_lsm_secattr *secattr); void calipso_req_delattr(struct request_sock *req); +unsigned char *calipso_optptr(const struct sk_buff *skb); +int calipso_getattr(const unsigned char *calipso, + struct netlbl_lsm_secattr *secattr); +int calipso_skbuff_setattr(struct sk_buff *skb, + const struct calipso_doi *doi_def, + const struct netlbl_lsm_secattr *secattr); +int calipso_skbuff_delattr(struct sk_buff *skb); #endif |