kernel-ark/security
Venkat Yekkirala 334c85569b [SELINUX]: increment flow cache genid
Currently, old flow cache entries remain valid even after
a reload of SELinux policy.

This patch increments the flow cache generation id
on policy (re)loads so that flow cache entries are
revalidated as needed.

Thanks to Herbet Xu for pointing this out. See:
http://marc.theaimsgroup.com/?l=linux-netdev&m=116841378704536&w=2

There's also a general issue as well as a solution proposed
by David Miller for when flow_cache_genid wraps. I might be
submitting a separate patch for that later.

I request that this be applied to 2.6.20 since it's
a security relevant fix.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-23 20:25:41 -08:00
..
keys [PATCH] lockdep: name some old style locks 2006-12-07 08:39:36 -08:00
selinux [SELINUX]: increment flow cache genid 2007-01-23 20:25:41 -08:00
capability.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
commoncap.c [PATCH] pidspace: is_init() 2006-09-29 09:18:12 -07:00
dummy.c SELinux: Fix SA selection semantics 2006-12-02 21:21:34 -08:00
inode.c [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
Kconfig [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
Makefile [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
root_plug.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
security.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00