selinux: Set socket NetLabel based on connection endpoint - kernel

diff options

author	Paul Moore <[email protected]>	2008-10-10 14:16:33 +0000
committer	Paul Moore <[email protected]>	2008-10-10 14:16:33 +0000
commit	014ab19a69c325f52d7bae54ceeda73d6307ae0c (patch)
tree	8a69c490accb7d5454bdfeb8c078d846729aeb60 /lib/parser.c
parent	netlabel: Add functionality to set the security attributes of a packet (diff)
download	kernel-014ab19a69c325f52d7bae54ceeda73d6307ae0c.tar.gz kernel-014ab19a69c325f52d7bae54ceeda73d6307ae0c.zip

selinux: Set socket NetLabel based on connection endpoint

Previous work enabled the use of address based NetLabel selectors, which while highly useful, brought the potential for additional per-packet overhead when used. This patch attempts to solve that by applying NetLabel socket labels when sockets are connect()'d. This should alleviate the per-packet NetLabel labeling for all connected sockets (yes, it even works for connected DGRAM sockets). Signed-off-by: Paul Moore <[email protected]> Reviewed-by: James Morris <[email protected]>

Diffstat (limited to 'lib/parser.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: