linux-sg2042/security/selinux
Eric Dumazet ca10b9e9a8 selinux: add a skb_owned_by() hook
Commit 90ba9b1986 (tcp: tcp_make_synack() can use alloc_skb())
broke certain SELinux/NetLabel configurations by no longer correctly
assigning the sock to the outgoing SYNACK packet.

Cost of atomic operations on the LISTEN socket is quite big,
and we would like it to happen only if really needed.

This patch introduces a new security_ops->skb_owned_by() method,
that is a void operation unless selinux is active.

Reported-by: Miroslav Vadkerti <mvadkert@redhat.com>
Diagnosed-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-security-module@vger.kernel.org
Acked-by: James Morris <james.l.morris@oracle.com>
Tested-by: Paul Moore <pmoore@redhat.com>
Acked-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-09 13:23:11 -04:00
..
include tun: fix LSM/SELinux labeling of tun/tap devices 2013-01-14 18:16:59 -05:00
ss userns: Convert selinux to use kuid and kgid where appropriate 2012-09-21 03:13:22 -07:00
.gitignore SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
Kconfig selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
Makefile selinux: change to new flag variable 2010-10-21 10:12:40 +11:00
avc.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
exports.c selinux: sparse fix: include selinux.h in exports.c 2011-09-09 16:56:32 -07:00
hooks.c selinux: add a skb_owned_by() hook 2013-04-09 13:23:11 -04:00
netif.c SELinux: avc: remove the useless fields in avc_add_callback 2012-04-09 12:23:44 -04:00
netlabel.c doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
netlink.c netlink: hide struct module parameter in netlink_kernel_create 2012-09-08 18:46:30 -04:00
netnode.c selinux: fix sel_netnode_insert() suspicious rcu dereference 2012-11-21 21:55:32 +11:00
netport.c SELinux: avc: remove the useless fields in avc_add_callback 2012-04-09 12:23:44 -04:00
nlmsgtab.c bridge: update selinux perm table for RTM_NEWMDB and RTM_DELMDB 2012-12-15 17:14:38 -08:00
selinuxfs.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
xfrm.c selinux: use GFP_ATOMIC under spin_lock 2013-03-19 00:33:09 +11:00