projects / kernel / kernel-generic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2a1f1a8) | patch
selinux: look for IPsec labels on both inbound and outbound packets
authorPaul Moore <pmoore@redhat.com>
Tue, 10 Dec 2013 19:57:54 +0000 (14:57 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 9 Jan 2014 20:25:15 +0000 (12:25 -0800)
commit3577781b15f69da08f33392ba9234d393686c61e
tree8bbcf2fb47c9438ebd83349d211e222e1c4221fatree | snapshot
parent2a1f1a8c977e6a9a9022f03c89f00616fec708b3commit | diff
selinux: look for IPsec labels on both inbound and outbound packets

commit 817eff718dca4e54d5721211ddde0914428fbb7c upstream.

Previously selinux_skb_peerlbl_sid() would only check for labeled
IPsec security labels on inbound packets, this patch enables it to
check both inbound and outbound traffic for labeled IPsec security
labels.

Reported-by: Janak Desai <Janak.Desai@gtri.gatech.edu>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/selinux/hooks.c diff | blob | history
security/selinux/include/xfrm.h diff | blob | history
security/selinux/xfrm.c diff | blob | history
Domain: System / Uncategorized;