linux-sg2042/fs/proc
Eric Paris 42c3e03ef6 [PATCH] SELinux: Add sockcreate node to procattr API
Below is a patch to add a new /proc/self/attr/sockcreate A process may write a
context into this interface and all subsequent sockets created will be labeled
with that context.  This is the same idea as the fscreate interface where a
process can specify the label of a file about to be created.  At this time one
envisioned user of this will be xinetd.  It will be able to better label
sockets for the actual services.  At this time all sockets take the label of
the creating process, so all xinitd sockets would just be labeled the same.

I tested this by creating a tcp sender and listener.  The sender was able to
write to this new proc file and then create sockets with the specified label.
I am able to be sure the new label was used since the avc denial messages
kicked out by the kernel included both the new security permission
setsockcreate and all the socket denials were for the new label, not the label
of the running process.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-26 09:58:26 -07:00
..
Makefile [PATCH] kdump: Access dump file in elf format (/proc/vmcore) 2005-06-25 16:24:53 -07:00
array.c [PATCH] hrtimers: remove it_real_value calculation from proc/*/stat 2006-03-26 08:57:02 -08:00
base.c [PATCH] SELinux: Add sockcreate node to procattr API 2006-06-26 09:58:26 -07:00
generic.c [PATCH] mark f_ops const in the inode 2006-03-28 09:16:05 -08:00
inode-alloc.txt Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
inode.c [PATCH] proc: Use struct pid not struct task_ref 2006-06-26 09:58:26 -07:00
internal.h [PATCH] proc: Use struct pid not struct task_ref 2006-06-26 09:58:26 -07:00
kcore.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
kmsg.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
mmu.c [PATCH] fix impossible VmallocChunk 2005-05-17 07:59:10 -07:00
nommu.c [PATCH] output of /proc/maps on nommu systems is incomplete 2005-10-17 17:03:57 -07:00
proc_devtree.c [PATCH] powerpc: Cope with duplicate node & property names in /proc/device-tree 2006-03-28 16:45:23 +11:00
proc_misc.c [PATCH] Simplify proc/devices and fix early termination regression 2006-03-31 12:18:53 -08:00
proc_tty.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
root.c [PATCH] VFS: Permit filesystem to override root dentry on mount 2006-06-23 07:42:45 -07:00
task_mmu.c [PATCH] proc: Use struct pid not struct task_ref 2006-06-26 09:58:26 -07:00
task_nommu.c [PATCH] proc: Move proc_maps_operations into task_mmu.c 2006-06-26 09:58:24 -07:00
vmcore.c [PATCH] kdump proc vmcore size oveflow fix 2006-04-11 06:18:42 -07:00