[NETLINK]: Encapsulate eff_cap usage within security framework.
author Darrel Goeddel <dgoeddel@trustedcs.com>
Tue, 27 Jun 2006 20:26:11 +0000 (13:26 -0700)
committer David S. Miller <davem@sunset.davemloft.net>
Thu, 29 Jun 2006 23:57:55 +0000 (16:57 -0700)
commit c7bdb545d23026b18be53289fd866d1ac07f5f8c
tree 6d9a218871d88f7579dd53f14692df2529b6e712
parent 576a30eb6453439b3c37ba24455ac7090c247b5a

This patch encapsulates the usage of eff_cap (in netlink_skb_params) within
the security framework by extending security_netlink_recv to include a required
capability parameter and converting all direct usage of eff_caps outside
of the lsm modules to use the interface.  It also updates the SELinux
implementation of the security_netlink_send and security_netlink_recv
hooks to take advantage of the sid in the netlink_skb_params struct.
This also enables SELinux to perform auditing of netlink capability checks.
Please apply, for 2.6.18 if possible.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 files changed:
include/linux/security.h
kernel/audit.c
net/core/rtnetlink.c
net/decnet/netfilter/dn_rtmsg.c
net/ipv4/netfilter/ip_queue.c
net/ipv6/netfilter/ip6_queue.c
net/netfilter/nfnetlink.c
net/netlink/genetlink.c
net/xfrm/xfrm_user.c
security/commoncap.c
security/dummy.c
security/selinux/hooks.c
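
The encapsulation the commit message describes, as an added userspace model (not code from this commit or the kernel tree): receivers pass the required capability to security_netlink_recv instead of testing eff_cap themselves, so the active security module makes and can audit the decision. struct nl_params, struct security_ops, ops, auditing_netlink_recv, audit_denials and handle_request are hypothetical stand-ins, and the sample senders are constructed.

```c
/* Userspace model of the hook pattern; not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define CAP_NET_ADMIN 12 /* value of the Linux capability of that name */
#define CAP_TO_MASK(c) (1u << (c))

/* Stand-in for the sender data carried in netlink_skb_params. */
struct nl_params { uint32_t eff_cap; uint32_t sid; };

/* Hook table: receivers call through it instead of reading eff_cap. */
struct security_ops { int (*netlink_recv)(const struct nl_params *, int cap); };

/* Capability-only module: allow iff the sender had `cap` raised. */
static int cap_netlink_recv(const struct nl_params *p, int cap)
{
    return (p->eff_cap & CAP_TO_MASK(cap)) ? 0 : -EPERM;
}

/* Hypothetical auditing module: same decision, denials logged with the sid. */
static unsigned audit_denials;
static int auditing_netlink_recv(const struct nl_params *p, int cap)
{
    int rc = cap_netlink_recv(p, cap);
    if (rc) {
        audit_denials++;
        fprintf(stderr, "denied: sid=%u cap=%d\n", (unsigned)p->sid, cap);
    }
    return rc;
}
static struct security_ops ops = { cap_netlink_recv };

/* Single entry point; the required capability is a parameter. */
static int security_netlink_recv(const struct nl_params *p, int cap)
{
    return ops.netlink_recv(p, cap);
}
/* Model receiver for a request that needs CAP_NET_ADMIN. */
static int handle_request(const struct nl_params *p)
{
    return security_netlink_recv(p, CAP_NET_ADMIN) ? -EPERM : 0;
}

int main(void)
{
    struct nl_params plain = { 0, 2 };   /* constructed: no capabilities */
    ops.netlink_recv = auditing_netlink_recv;
    return handle_request(&plain) == -EPERM ? 0 : 1;
}
```

Swapping the hook implementation changes how the check is enforced and recorded without touching handle_request, which is the property a direct eff_cap test in each receiver cannot give.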