06 Nov, 2006

1 commit

  • > the build with the attached .config failed, make ends with:
    > ...
    > : undefined reference to `cipso_v4_sock_getattr'
    > net/built-in.o: In function `netlbl_socket_getattr':

    ...

    It looks like I was stupid and made NetLabel depend on CONFIG_NET and not
    CONFIG_INET, the patch below should fix this by making NetLabel depend on
    CONFIG_INET and CONFIG_SECURITY. Please review and apply for 2.6.19.

    Signed-off-by: Paul Moore
    Signed-off-by: David S. Miller

    Paul Moore
     

12 Oct, 2006

1 commit

  • Testing revealed a problem with the NetLabel cache where a cached entry could
    be freed while in use by the LSM layer causing an oops and other problems.
    This patch fixes that problem by introducing a reference counter to the cache
    entry so that it is only freed when it is no longer in use.

    Signed-off-by: Paul Moore
    Signed-off-by: James Morris

    paul.moore@hp.com
     

30 Sep, 2006

1 commit

  • Fix some issues Steve Grubb had with the way NetLabel was using the audit
    subsystem. This should make NetLabel more consistent with other kernel
    generated audit messages specifying configuration changes.

    Signed-off-by: Paul Moore
    Acked-by: Steve Grubb
    Signed-off-by: David S. Miller

    Paul Moore
     

29 Sep, 2006

1 commit

  • This patch adds audit support to NetLabel, including six new audit message
    types shown below.

    #define AUDIT_MAC_UNLBL_ACCEPT 1406
    #define AUDIT_MAC_UNLBL_DENY 1407
    #define AUDIT_MAC_CIPSOV4_ADD 1408
    #define AUDIT_MAC_CIPSOV4_DEL 1409
    #define AUDIT_MAC_MAP_ADD 1410
    #define AUDIT_MAC_MAP_DEL 1411

    Signed-off-by: Paul Moore
    Acked-by: James Morris
    Signed-off-by: David S. Miller

    Paul Moore
     

26 Sep, 2006

4 commits


23 Sep, 2006

5 commits

  • Add some missing include files to the NetLabel related header files.

    Signed-off-by: Paul Moore
    Signed-off-by: David S. Miller

    Paul Moore
     
  • Adds nlmsg_notify() implementing proper notification logic. The
    message is multicasted to all listeners in the group. The
    application the request originates from can request a unicast
    back report in which case said socket will be excluded from the
    multicast to avoid duplicated notifications.

    nlmsg_multicast() is extended to take allocation flags to
    allow notification in atomic contexts.

    Signed-off-by: Thomas Graf
    Signed-off-by: David S. Miller

    Thomas Graf
     
  • This patch makes needlessly global code static.

    Signed-off-by: Adrian Bunk
    Signed-off-by: David S. Miller

    Adrian Bunk
     
  • Add CIPSO/IPv4 and unlabeled packet management to the NetLabel
    subsystem. The CIPSO/IPv4 changes allow the configuration of
    CIPSO/IPv4 within the overall NetLabel framework. The unlabeled
    packet changes allow NetLabel to pass unlabeled packets without
    error.

    Signed-off-by: Paul Moore
    Signed-off-by: David S. Miller

    Paul Moore
     
  • Add a new kernel subsystem, NetLabel, to provide explicit packet
    labeling services (CIPSO, RIPSO, etc.) to LSM developers. NetLabel is
    designed to work in conjunction with a LSM to intercept and decode
    security labels on incoming network packets as well as ensure that
    outgoing network packets are labeled according to the security
    mechanism employed by the LSM. The NetLabel subsystem is configured
    through a Generic NETLINK interface described in the header files
    included in this patch.

    Signed-off-by: Paul Moore
    Signed-off-by: David S. Miller

    Paul Moore