2ee92d46c6
This patch implements SELinux kernel support for DCCP (http://linux-net.osdl.org/index.php/DCCP), which is similar in operation to TCP in terms of connected state between peers. The SELinux support for DCCP is thus modeled on existing handling of TCP. A new DCCP socket class is introduced, to allow protocol differentation. The permissions for this class inherit all of the socket permissions, as well as the current TCP permissions (node_bind, name_bind etc). IPv4 and IPv6 are supported, although labeled networking is not, at this stage. Patches for SELinux userspace are at: http://people.redhat.com/jmorris/selinux/dccp/user/ I've performed some basic testing, and it seems to be working as expected. Adding policy support is similar to TCP, the only real difference being that it's a different protocol. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| av_inherit.h | ||
| av_perm_to_string.h | ||
| av_permissions.h | ||
| avc.h | ||
| avc_ss.h | ||
| class_to_string.h | ||
| common_perm_to_string.h | ||
| conditional.h | ||
| flask.h | ||
| initial_sid_to_string.h | ||
| netif.h | ||
| objsec.h | ||
| security.h | ||
| selinux_netlabel.h | ||
| xfrm.h | ||