netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
This patch cleans up a lot of the Smack network access control code. The largest changes are to fix the labeling of incoming TCP connections in a manner similar to the recent SELinux changes which use the security_inet_conn_request() hook to label the request_sock and let the label move to the child socket via the normal network stack mechanisms.

In addition to the incoming TCP connection fixes this patch also removes the smk_labled field from the socket_smack struct as the minor optimization advantage was outweighed by the difficulty in maintaining its proper state.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Showing
- include/net/netlabel.h: 5 additions, 0 deletions
- net/netlabel/netlabel_kapi.c: 13 additions, 0 deletions
- security/smack/smack.h: 0 additions, 1 deletion
- security/smack/smack_lsm.c: 143 additions, 117 deletions