[MLSXFRM]: Add security sid to sock
This adds security for IP sockets at the sock level. Security at the sock level is needed to enforce the SELinux security policy for security associations even when a sock is orphaned (such as in the TCP LAST_ACK state). This will also be used to enforce SELinux controls over data arriving at or leaving a child socket while it's still waiting to be accepted. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Venkat Yekkirala
committed by
David S. Miller
David S. Miller
parent
08554d6b33
commit
892c141e62
@@ -99,6 +99,7 @@ struct netif_security_struct {
|
||||
|
||||
struct sk_security_struct {
|
||||
struct sock *sk; /* back pointer to sk object */
|
||||
u32 sid; /* SID of this object */
|
||||
u32 peer_sid; /* SID of peer */
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user