c7bdb545d2
This patch encapsulates the usage of eff_cap (in netlink_skb_params) within the security framework by extending security_netlink_recv to include a required capability parameter and converting all direct usage of eff_caps outside of the lsm modules to use the interface. It also updates the SELinux implementation of the security_netlink_send and security_netlink_recv hooks to take advantage of the sid in the netlink_skb_params struct. This also enables SELinux to perform auditing of netlink capability checks. Please apply, for 2.6.18 if possible. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| irq | ||
| power | ||
| time | ||
| .gitignore | ||
| acct.c | ||
| audit.c | ||
| audit.h | ||
| auditfilter.c | ||
| auditsc.c | ||
| capability.c | ||
| compat.c | ||
| configs.c | ||
| cpu.c | ||
| cpuset.c | ||
| dma.c | ||
| exec_domain.c | ||
| exit.c | ||
| extable.c | ||
| fork.c | ||
| futex_compat.c | ||
| futex.c | ||
| hrtimer.c | ||
| itimer.c | ||
| kallsyms.c | ||
| Kconfig.hz | ||
| Kconfig.preempt | ||
| kexec.c | ||
| kfifo.c | ||
| kmod.c | ||
| kprobes.c | ||
| ksysfs.c | ||
| kthread.c | ||
| Makefile | ||
| module.c | ||
| mutex-debug.c | ||
| mutex-debug.h | ||
| mutex.c | ||
| mutex.h | ||
| panic.c | ||
| params.c | ||
| pid.c | ||
| posix-cpu-timers.c | ||
| posix-timers.c | ||
| printk.c | ||
| profile.c | ||
| ptrace.c | ||
| rcupdate.c | ||
| rcutorture.c | ||
| relay.c | ||
| resource.c | ||
| rtmutex_common.h | ||
| rtmutex-debug.c | ||
| rtmutex-debug.h | ||
| rtmutex-tester.c | ||
| rtmutex.c | ||
| rtmutex.h | ||
| sched.c | ||
| seccomp.c | ||
| signal.c | ||
| softirq.c | ||
| softlockup.c | ||
| spinlock.c | ||
| stop_machine.c | ||
| sys_ni.c | ||
| sys.c | ||
| sysctl.c | ||
| time.c | ||
| timer.c | ||
| uid16.c | ||
| unwind.c | ||
| user.c | ||
| wait.c | ||
| workqueue.c | ||