| author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-06-04 16:22:16 -0400 |
|---|---|---|
| committer | Moyster <oysterized@gmail.com> | 2019-07-06 12:01:26 +0200 |
| commit | 09158c4b40bb58b4297c1cf81ca612a14cbfc569 (patch) | |
| tree | 792c5f47112d2e7e3101e116142e6d0c08ab8098 /include/linux/fcdevice.h | |
| parent | 6c9d3b1942bd295f3696b73d90e67ba7864279b5 (diff) | |

selinux: update netlink socket classes

Update the set of SELinux netlink socket class definitions to match
the set of netlink protocols implemented by the kernel. The
ip_queue implementation for the NETLINK_FIREWALL and NETLINK_IP6_FW protocols
was removed in d16cf20e2f2f13411eece7f7fb72c17d141c4a84, so we can remove
the corresponding class definitions as this is dead code. Add new
classes for NETLINK_ISCSI, NETLINK_FIB_LOOKUP, NETLINK_CONNECTOR,
NETLINK_NETFILTER, NETLINK_GENERIC, NETLINK_SCSITRANSPORT, NETLINK_RDMA,
and NETLINK_CRYPTO so that we can distinguish among sockets created
for each of these protocols. This change does not define the finer-grained
nlsmsg_read/write permissions or map specific nlmsg_type values to those
permissions in the SELinux nlmsgtab; if finer-grained control of these
sockets is desired/required, that can be added as a follow-on change.
We do not define a SELinux class for NETLINK_ECRYPTFS as the implementation
was removed in 624ae5284516870657505103ada531c64dba2a9a.

Change-Id: Ic233c39d4271544a3a63f9fa64c855a44fc08705
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>

Diffstat (limited to 'include/linux/fcdevice.h')
0 files changed, 0 insertions, 0 deletions
