linux/security
Stephen Smalley 6c6d2e9bde selinux: update netlink socket classes
Update the set of SELinux netlink socket class definitions to match
the set of netlink protocols implemented by the kernel.  The
ip_queue implementation for the NETLINK_FIREWALL and NETLINK_IP6_FW protocols
was removed in d16cf20e2f, so we can remove
the corresponding class definitions as this is dead code.  Add new
classes for NETLINK_ISCSI, NETLINK_FIB_LOOKUP, NETLINK_CONNECTOR,
NETLINK_NETFILTER, NETLINK_GENERIC, NETLINK_SCSITRANSPORT, NETLINK_RDMA,
and NETLINK_CRYPTO so that we can distinguish among sockets created
for each of these protocols.  This change does not define the finer-grained
nlsmsg_read/write permissions or map specific nlmsg_type values to those
permissions in the SELinux nlmsgtab; if finer-grained control of these
sockets is desired/required, that can be added as a follow-on change.
We do not define a SELinux class for NETLINK_ECRYPTFS as the implementation
was removed in 624ae52845.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2015-06-04 16:22:16 -04:00
..
apparmor LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
integrity ima: pass iint to ima_add_violation() 2015-05-21 13:59:29 -04:00
keys switch keyctl_instantiate_key_common() to iov_iter 2015-04-11 22:27:12 -04:00
selinux selinux: update netlink socket classes 2015-06-04 16:22:16 -04:00
smack Smack: allow multiple labels in onlycap 2015-06-02 11:53:42 -07:00
tomoyo LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
yama LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
commoncap.c LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
device_cgroup.c cgroup: rename cgroup_subsys->base_cftypes to ->legacy_cftypes 2014-07-15 11:05:09 -04:00
inode.c VFS: security/: d_inode() annotations 2015-04-15 15:06:57 -04:00
Kconfig kernel: conditionally support non-root users, groups and capabilities 2015-04-15 16:35:22 -07:00
lsm_audit.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
Makefile LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00