diff options
| author | Paul Moore | 2008-10-10 16:16:32 +0200 |
|---|---|---|
| committer | Paul Moore | 2008-10-10 16:16:32 +0200 |
| commit | 948bf85c1bc9a84754786a9d5dd99b7ecc46451e (patch) | |
| tree | a4706be1f4a5a37408774ef3c4cab8cf2e7775b5 /security/selinux/include/objsec.h | |
| parent | netlabel: Add network address selectors to the NetLabel/LSM domain mapping (diff) | |
| download | kernel-qcow2-linux-948bf85c1bc9a84754786a9d5dd99b7ecc46451e.tar.gz kernel-qcow2-linux-948bf85c1bc9a84754786a9d5dd99b7ecc46451e.tar.xz kernel-qcow2-linux-948bf85c1bc9a84754786a9d5dd99b7ecc46451e.zip | |
netlabel: Add functionality to set the security attributes of a packet
This patch builds upon the new NetLabel address selector functionality by
providing the NetLabel KAPI and CIPSO engine support needed to enable the
new packet-based labeling. The only new addition to the NetLabel KAPI at
this point is shown below:
* int netlbl_skbuff_setattr(skb, family, secattr)
... and is designed to be called from a Netfilter hook after the packet's
IP header has been populated such as in the FORWARD or LOCAL_OUT hooks.
This patch also provides the necessary SELinux hooks to support this new
functionality. Smack support is not currently included due to uncertainty
regarding the permissions needed to expand the Smack network access controls.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include/objsec.h')
| -rw-r--r-- | security/selinux/include/objsec.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 91070ab874ce..f46dd1c3d01c 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -117,6 +117,7 @@ struct sk_security_struct { NLBL_UNSET = 0, NLBL_REQUIRE, NLBL_LABELED, + NLBL_REQSKB, } nlbl_state; #endif }; |