linux/include
Venkat Yekkirala c1a856c964 SELinux: Various xfrm labeling fixes
Since the upstreaming of the mlsxfrm modification a few months back,
testing has resulted in the identification of the following issues/bugs that
are resolved in this patch set.

1. Fix the security context used in the IKE negotiation to be the context
   of the socket as opposed to the context of the SPD rule.

2. Fix SO_PEERSEC for tcp sockets to return the security context of
   the peer as opposed to the source.

3. Fix the selection of an SA for an outgoing packet to be at the same
   context as the originating socket/flow.

The following would be the result of applying this patchset:

- SO_PEERSEC will now correctly return the peer's context.

- IKE daemons will receive the context of the source socket/flow
  as opposed to the SPD rule's context so that the negotiated SA
  will be at the same context as the source socket/flow.

- The SELinux policy will require one or more of the
  following for a socket to be able to communicate with/without SAs:

  1. To enable a socket to communicate without using labeled-IPSec SAs:

     allow socket_t unlabeled_t:association { sendto recvfrom };

  2. To enable a socket to communicate with labeled-IPSec SAs:

     allow socket_t self:association { sendto };
     allow socket_t peer_sa_t:association { recvfrom };

This Patch: Pass correct security context to IKE for use in negotiation

Fix the security context passed to IKE for use in negotiation to be the
context of the socket as opposed to the context of the SPD rule so that
the SA carries the label of the originating socket/flow.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02 21:21:31 -08:00
acpi ACPI: Change ACPI to use dev_archdata instead of firmware_data 2006-12-01 14:52:01 -08:00
asm-alpha Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-arm Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-arm26 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-avr32 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-cris Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-frv Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-generic Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-h8300 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-i386 ACPI: Change ACPI to use dev_archdata instead of firmware_data 2006-12-01 14:52:01 -08:00
asm-ia64 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-12-01 16:41:27 -08:00
asm-m32r Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-m68k Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-m68knommu Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6 2006-12-01 16:41:07 -08:00
asm-mips Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2006-12-01 16:44:02 -08:00
asm-parisc Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6 2006-12-01 16:41:07 -08:00
asm-powerpc Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-12-01 16:41:27 -08:00
asm-ppc Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-s390 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sh Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sh64 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sparc Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-sparc64 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6 2006-12-01 16:41:27 -08:00
asm-um Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-v850 Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
asm-x86_64 ACPI: Change ACPI to use dev_archdata instead of firmware_data 2006-12-01 14:52:01 -08:00
asm-xtensa Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
crypto
keys
linux SELinux: Various xfrm labeling fixes 2006-12-02 21:21:31 -08:00
math-emu
media V4L/DVB (4666): Ensure the WM8775 driver is loaded generically for any board. 2006-10-03 15:13:48 -03:00
mtd Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-10-01 17:55:53 +01:00
net [BLUETOOTH]: rfcomm endianness annotations 2006-12-02 21:21:29 -08:00
pcmcia
rdma IB/cm: Fix automatic path migration support 2006-11-29 15:33:10 -08:00
rxrpc
scsi [PATCH] add missing libsas include to fix s390 compilation. 2006-11-28 17:26:50 -08:00
sound Driver core: convert sound core to use struct device 2006-12-01 14:52:01 -08:00
video fix file specification in comments 2006-10-03 23:01:26 +02:00
Kbuild