Steffen Klassert 4a7ab3dcad selinux: Fix packet forwarding checks on postrouting ... The IPSKB_FORWARDED and IP6SKB_FORWARDED flags are used only in the multicast forwarding case to indicate that a packet looped back after forward. So these flags are not a good indicator for packet forwarding. A better indicator is the incoming interface. If we have no socket context, but an incoming interface and we see the packet in the ip postroute hook, the packet is going to be forwarded. With this patch we use the incoming interface as an indicator on packet forwarding. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com>		2011-02-25 15:00:51 -05:00
..
apparmor	APPARMOR: Fix memory leak of apparmor_init()	2010-11-11 07:36:22 +11:00
integrity/ima	ima: fix add LSM rule bug	2011-01-03 16:36:33 -08:00
keys	Merge branch 'master' into next	2011-01-10 09:46:24 +11:00
selinux	selinux: Fix packet forwarding checks on postrouting	2011-02-25 15:00:51 -05:00
smack	fs/vfs/security: pass last path component to LSM on inode creation	2011-02-01 11:12:29 -05:00
tomoyo	fs: dcache scale d_unhashed	2011-01-07 17:50:21 +11:00
capability.c	security: remove unused security_sysctl hook	2011-02-01 11:54:02 -05:00
commoncap.c	capabilities/syslog: open code cap_syslog logic to fix build failure	2010-11-15 15:40:01 -08:00
device_cgroup.c	Merge branch 'master' into next	2010-05-06 10:56:07 +10:00
inode.c	convert get_sb_single() users	2010-10-29 04:16:28 -04:00
Kconfig	keys: add new key-type encrypted	2010-11-29 08:55:29 +11:00
lsm_audit.c	Merge branch 'master' into next	2010-05-06 10:56:07 +10:00
Makefile	AppArmor: Enable configuring and building of the AppArmor security module	2010-08-02 15:38:34 +10:00
min_addr.c	mmap_min_addr check CAP_SYS_RAWIO only for write	2010-04-23 08:56:31 +10:00
security.c	security: remove unused security_sysctl hook	2011-02-01 11:54:02 -05:00