08 Jun, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
01 Mar, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Acked-by: Paul Moore
Signed-off-by: David S. Miller
03 Dec, 2006
5 commits
-
The audit_enabled flag is used to signal when syscall auditing is to be
performed. While NetLabel uses a Netlink interface instead of syscalls, it is
reasonable to consider the NetLabel Netlink interface as a form of syscall so
pay attention to the audit_enabled flag when generating audit messages in
NetLabel.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
Currently the NetLabel unlabeled packet accept flag is an atomic type and it
is checked for every non-NetLabel packet which comes into the system but rarely
ever changed. This patch changes this flag to a normal integer and protects it
with RCU locking.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
By modyfing genlmsg_put() to take a genl_family and by adding
genlmsg_put_reply() the process of constructing the netlink
and generic netlink headers is simplified.Signed-off-by: Thomas Graf
Acked-by: Paul Moore
Signed-off-by: David S. Miller -
A generic netlink user has no interest in knowing how to
address the source of the original request.Signed-off-by: Thomas Graf
Acked-by: Paul Moore
Signed-off-by: David S. Miller -
Account for the netlink message header size directly in nlmsg_new()
instead of relying on the caller calculate it correctly.Replaces error handling of message construction functions when
constructing notifications with bug traps since a failure implies
a bug in calculating the size of the skb.Signed-off-by: Thomas Graf
Acked-by: Paul Moore
Signed-off-by: David S. Miller
30 Sep, 2006
1 commit
-
Fix some issues Steve Grubb had with the way NetLabel was using the audit
subsystem. This should make NetLabel more consistent with other kernel
generated audit messages specifying configuration changes.Signed-off-by: Paul Moore
Acked-by: Steve Grubb
Signed-off-by: David S. Miller
29 Sep, 2006
1 commit
-
This patch adds audit support to NetLabel, including six new audit message
types shown below.#define AUDIT_MAC_UNLBL_ACCEPT 1406
#define AUDIT_MAC_UNLBL_DENY 1407
#define AUDIT_MAC_CIPSOV4_ADD 1408
#define AUDIT_MAC_CIPSOV4_DEL 1409
#define AUDIT_MAC_MAP_ADD 1410
#define AUDIT_MAC_MAP_DEL 1411Signed-off-by: Paul Moore
Acked-by: James Morris
Signed-off-by: David S. Miller
26 Sep, 2006
1 commit
-
At the suggestion of Thomas Graf, rewrite NetLabel's use of Netlink attributes
to better follow the common Netlink attribute usage.Signed-off-by: Paul Moore
Signed-off-by: David S. Miller
23 Sep, 2006
1 commit
-
Add CIPSO/IPv4 and unlabeled packet management to the NetLabel
subsystem. The CIPSO/IPv4 changes allow the configuration of
CIPSO/IPv4 within the overall NetLabel framework. The unlabeled
packet changes allows NetLabel to pass unlabeled packets without
error.Signed-off-by: Paul Moore
Signed-off-by: David S. Miller