selinux: Set socket NetLabel based on connection endpoint

Previous work enabled the use of address based NetLabel selectors, which while highly useful, brought the potential for additional per-packet overhead when used. This patch attempts to solve that by applying NetLabel socket labels when sockets are connect()'d. This should alleviate the per-packet NetLabel labeling for all connected sockets (yes, it even works for connected DGRAM sockets). Signed-off-by: Paul Moore <paul.moore@hp.com> Reviewed-by: James Morris <jmorris@namei.org>
author: Paul Moore 2008-10-10 16:16:33 +0200
committer: Paul Moore 2008-10-10 16:16:33 +0200
commit: 014ab19a69c325f52d7bae54ceeda73d6307ae0c (patch)
tree: 8a69c490accb7d5454bdfeb8c078d846729aeb60 /security/selinux/include/objsec.h
parent: netlabel: Add functionality to set the security attributes of a packet (diff)
download: kernel-qcow2-linux-014ab19a69c325f52d7bae54ceeda73d6307ae0c.tar.gz
kernel-qcow2-linux-014ab19a69c325f52d7bae54ceeda73d6307ae0c.tar.xz
kernel-qcow2-linux-014ab19a69c325f52d7bae54ceeda73d6307ae0c.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index f46dd1c3d01c..ad34787c6c02 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -118,6 +118,7 @@ struct sk_security_struct {
 		NLBL_REQUIRE,
 		NLBL_LABELED,
 		NLBL_REQSKB,
+		NLBL_CONNLABELED,
 	} nlbl_state;
 #endif
 };
author	Paul Moore	2008-10-10 16:16:33 +0200
committer	Paul Moore	2008-10-10 16:16:33 +0200
commit	014ab19a69c325f52d7bae54ceeda73d6307ae0c (patch)
tree	8a69c490accb7d5454bdfeb8c078d846729aeb60 /security/selinux/include/objsec.h
parent	netlabel: Add functionality to set the security attributes of a packet (diff)
download	kernel-qcow2-linux-014ab19a69c325f52d7bae54ceeda73d6307ae0c.tar.gz kernel-qcow2-linux-014ab19a69c325f52d7bae54ceeda73d6307ae0c.tar.xz kernel-qcow2-linux-014ab19a69c325f52d7bae54ceeda73d6307ae0c.zip