diff options
| author | Paul Moore | 2009-03-27 22:10:54 +0100 |
|---|---|---|
| committer | James Morris | 2009-03-28 05:01:37 +0100 |
| commit | 07feee8f812f7327a46186f7604df312c8c81962 (patch) | |
| tree | 73eac643b60532aa82d7680a7de193ba2b62eddd /security/smack/smack.h | |
| parent | lsm: Remove the socket_post_accept() hook (diff) | |
| download | kernel-qcow2-linux-07feee8f812f7327a46186f7604df312c8c81962.tar.gz kernel-qcow2-linux-07feee8f812f7327a46186f7604df312c8c81962.tar.xz kernel-qcow2-linux-07feee8f812f7327a46186f7604df312c8c81962.zip | |
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
This patch cleans up a lot of the Smack network access control code. The
largest changes are to fix the labeling of incoming TCP connections in a
manner similar to the recent SELinux changes which use the
security_inet_conn_request() hook to label the request_sock and let the label
move to the child socket via the normal network stack mechanisms. In addition
to the incoming TCP connection fixes this patch also removes the smk_labled
field from the socket_smack struct as the minor optimization advantage was
outweighed by the difficulty in maintaining it's proper state.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/smack/smack.h')
| -rw-r--r-- | security/smack/smack.h | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 64164f8fde70..5e5a3bcb599a 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -42,7 +42,6 @@ struct superblock_smack { struct socket_smack { char *smk_out; /* outbound label */ char *smk_in; /* inbound label */ - int smk_labeled; /* label scheme */ char smk_packet[SMK_LABELLEN]; /* TCP peer label */ }; |