leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
42c3e03ef6
linux/fs
History
Eric Paris 42c3e03ef6 [PATCH] SELinux: Add sockcreate node to procattr API 
Below is a patch to add a new /proc/self/attr/sockcreate A process may write a
context into this interface and all subsequent sockets created will be labeled
with that context.  This is the same idea as the fscreate interface where a
process can specify the label of a file about to be created.  At this time one
envisioned user of this will be xinetd.  It will be able to better label
sockets for the actual services.  At this time all sockets take the label of
the creating process, so all xinitd sockets would just be labeled the same.

I tested this by creating a tcp sender and listener.  The sender was able to
write to this new proc file and then create sockets with the specified label.
I am able to be sure the new label was used since the avc denial messages
kicked out by the kernel included both the new security permission
setsockcreate and all the socket denials were for the new label, not the label
of the running process.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-26 09:58:26 -07:00
..
9p Merge git://git.linux-nfs.org/pub/linux/nfs-2.6 2006-06-25 10:54:14 -07:00
adfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
affs [PATCH] fix %s in affs_fill_super() 2006-06-25 10:01:22 -07:00
afs [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
autofs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
autofs4 [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
befs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
bfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
cifs Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
coda [PATCH] use list_add_tail() instead of list_add() 2006-06-26 09:58:17 -07:00
configfs [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
cramfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
debugfs Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
devfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
devpts [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
efs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
exportfs [PATCH] NFS server subtree_check returns dubious value 2006-05-21 12:59:16 -07:00
ext2 [PATCH] ext2: cleanup: put_page and comment fix 2006-06-25 10:01:25 -07:00
ext3 [PATCH] ext3: Add "-o bh" option 2006-06-26 09:58:20 -07:00
fat [PATCH] fs/fat/misc.c: unexport fat_sync_bhs 2006-06-23 07:43:03 -07:00
freevxfs [PATCH] fs/freevxfs: cleanup of spelling errors 2006-06-25 10:01:01 -07:00
fuse Merge git://git.linux-nfs.org/pub/linux/nfs-2.6 2006-06-25 10:54:14 -07:00
hfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
hfsplus [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
hostfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hpfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hppfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
hugetlbfs [PATCH] tightening hugetlb strict accounting 2006-06-23 07:42:48 -07:00
isofs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
jbd [PATCH] ext3: fix memory leak when the journal file is corrupted 2006-06-25 10:01:07 -07:00
jffs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
jffs2 [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
jfs [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
lockd NLM: Fix reclaim races 2006-06-09 09:40:27 -04:00
minix [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
msdos [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
ncpfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
nfs Fix NFS2 compile error 2006-06-25 12:30:33 -07:00
nfs_common [PATCH] nfsacl: Solaris VxFS compatibility fix 2005-10-11 09:46:54 -07:00
nfsd [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
nls [PATCH] fs: Use ARRAY_SIZE macro 2006-03-24 07:33:19 -08:00
ntfs [PATCH] Prepare for __copy_from_user_inatomic to not zero missed bytes 2006-06-25 10:01:09 -07:00
ocfs2 [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
openpromfs [PATCH] openpromfs: factorize out 2006-06-25 10:01:05 -07:00
partitions [PATCH] make kernel warn about incorrectly sized partitions 2006-06-23 07:43:09 -07:00
proc [PATCH] SELinux: Add sockcreate node to procattr API 2006-06-26 09:58:26 -07:00
qnx4 [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
ramfs [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
reiserfs [PATCH] reiserfs: remove reiserfs_aio_write() 2006-06-26 09:58:19 -07:00
romfs [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
smbfs [PATCH] fs: use list_move() 2006-06-26 09:58:18 -07:00
sysfs [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
sysv [PATCH] read_mapping_page for address space 2006-06-23 07:43:02 -07:00
udf [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
ufs [PATCH] fs/ufs/inode.c: make 2 functions static 2006-06-25 10:01:04 -07:00
vfat [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
xfs [PATCH] xfs: update ->flush method proto 2006-06-25 17:43:32 -07:00
aio.c [PATCH] list: use list_replace_init() instead of list_splice_init() 2006-06-23 07:43:07 -07:00
attr.c [PATCH] capable/capability.h (fs/) 2006-01-11 18:42:13 -08:00
bad_inode.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
binfmt_aout.c [PATCH] dump_thread() cleanup 2006-01-10 08:01:25 -08:00
binfmt_elf_fdpic.c [PATCH] frv: binfmt_elf_fdpic __user annotations 2006-06-23 07:42:54 -07:00
binfmt_elf.c [PATCH] binflt_elf: remove more casts 2006-06-23 07:43:05 -07:00
binfmt_em86.c
binfmt_flat.c [PATCH] uclinux: use PER_LINUX_32BIT in binfmt_flat 2006-06-25 21:04:24 -07:00
binfmt_misc.c Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
binfmt_script.c
binfmt_som.c [PATCH] mm: mm_init set_mm_counters 2005-10-29 21:40:38 -07:00
bio.c [PATCH] Fix missing ret assignment in __bio_map_user() error path 2006-06-17 10:52:12 -07:00
block_dev.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
buffer.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
char_dev.c [PATCH] Simplify proc/devices and fix early termination regression 2006-03-31 12:18:53 -08:00
compat_ioctl.c [PATCH] i4l: Gigaset drivers: add IOCTLs to compat_ioctl.h 2006-06-26 09:58:23 -07:00
compat.c [PATCH] VFS: Permit filesystem to perform statfs with a known root dentry 2006-06-23 07:42:45 -07:00
dcache.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
dcookies.c [PATCH] Use __read_mostly on some hot fs variables 2006-03-26 08:56:56 -08:00
direct-io.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
dnotify.c [PATCH] Use __read_mostly on some hot fs variables 2006-03-26 08:56:56 -08:00
dquot.c [PATCH] use list_add_tail() instead of list_add() 2006-06-26 09:58:17 -07:00
drop_caches.c [PATCH] drop-pagecache 2006-01-08 20:12:40 -08:00
eventpoll.c [PATCH] epoll: use unlocked wqueue operations 2006-06-25 10:01:13 -07:00
exec.c [PATCH] proc: Rewrite the proc dentry flush on exit optimization 2006-06-26 09:58:24 -07:00
fcntl.c BUG_ON() Conversion in fs/fcntl.c 2006-04-02 13:37:19 +02:00
fifo.c [PATCH] pipe.c/fifo.c code cleanups 2006-04-11 13:53:33 +02:00
file_table.c [PATCH] percpu counter data type changes to suppport more than 2**31 ext3 free blocks counter 2006-06-23 07:43:06 -07:00
file.c [PATCH] for_each_possible_cpu: fixes for generic part 2006-03-28 09:16:05 -08:00
filesystems.c [PATCH] fix missing includes 2005-10-30 17:37:32 -08:00
fs-writeback.c [PATCH] Kill PF_SYNCWRITE flag 2006-06-23 17:10:39 +02:00
inode.c BUG_ON() Conversion in fs/inode.c 2006-04-02 13:38:18 +02:00
inotify_user.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
inotify.c [PATCH] inotify (4/5): allow watch removal from event handler 2006-06-20 05:25:19 -04:00
ioctl.c [PATCH] capable/capability.h (fs/) 2006-01-11 18:42:13 -08:00
ioprio.c [PATCH] lsm: add task_setioprio hook 2006-06-23 07:42:53 -07:00
Kconfig [PATCH] nfsd kconfig: select things at the closest tristate instead of bool 2006-06-26 09:58:23 -07:00
Kconfig.binfmt [PATCH] frv: suppress configuration of certain features for FRV 2006-01-08 20:13:36 -08:00
libfs.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
locks.c [PATCH] fs/locks.c: make posix_locks_deadlock() static 2006-06-23 07:43:03 -07:00
Makefile [PATCH] inotify (1/5): split kernel API from userspace support 2006-06-20 05:25:17 -04:00
mbcache.c [PATCH] Typo fixes 2006-03-28 09:16:08 -08:00
mpage.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
namei.c [PATCH] Implement AT_SYMLINK_FOLLOW flag for linkat 2006-06-25 10:01:22 -07:00
namespace.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
nfsctl.c [PATCH] fs: Use ARRAY_SIZE macro 2006-03-24 07:33:19 -08:00
open.c [PATCH] ftruncate does not always update m/ctime 2006-06-25 10:01:15 -07:00
pipe.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
pnode.c [PATCH] core: use list_move() 2006-06-26 09:58:17 -07:00
pnode.h [PATCH] unbindable mounts 2005-11-07 18:18:11 -08:00
posix_acl.c [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
quota_v1.c
quota_v2.c [PATCH] sem2mutex: quota 2006-03-23 07:38:11 -08:00
quota.c [PATCH] sem2mutex: quota 2006-03-23 07:38:11 -08:00
read_write.c [PATCH] splice: unlikely() optimizations 2006-04-11 13:56:09 +02:00
readdir.c [PATCH] mutex subsystem, semaphore to mutex: VFS, ->i_sem 2006-01-09 15:59:24 -08:00
select.c [PATCH] fs: sys_poll with timeout -1 bug fix 2006-06-25 10:01:22 -07:00
seq_file.c [PATCH] sem2mutex: fs/seq_file.c 2006-03-23 07:38:12 -08:00
splice.c [PATCH] splice: retrieve mapping after locking the page 2006-06-23 17:10:39 +02:00
stat.c [PATCH] powerpc: Wire up *at syscalls 2006-04-28 21:04:59 +10:00
super.c Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2006-06-24 13:07:53 -04:00
sync.c [PATCH] writeback: fix range handling 2006-06-23 07:42:49 -07:00
xattr_acl.c
xattr.c [PATCH] log more info for directory entry change events 2006-06-20 05:25:28 -04:00