NetLabel: SELinux cleanups
This patch does a lot of cleanup in the SELinux NetLabel support code. A summary of the changes include: * Use RCU locking for the NetLabel state variable in the skk_security_struct instead of using the inode_security_struct mutex. * Remove unnecessary parameters in selinux_netlbl_socket_post_create(). * Rename selinux_netlbl_sk_clone_security() to selinux_netlbl_sk_security_clone() to better fit the other NetLabel sk_security functions. * Improvements to selinux_netlbl_inode_permission() to help reduce the cost of the common case. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Paul Moore
committed by
David S. Miller
David S. Miller
parent
9bb5fd2b05
commit
9f2ad66509
@ -23,6 +23,7 @@
|
||||
#include <linux/fs.h>
|
||||
#include <linux/binfmts.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/spinlock.h>
|
||||
#include "flask.h"
|
||||
#include "avc.h"
|
||||
|
||||
@ -108,6 +109,7 @@ struct sk_security_struct {
|
||||
NLBL_REQUIRE,
|
||||
NLBL_LABELED,
|
||||
} nlbl_state;
|
||||
spinlock_t nlbl_lock; /* protects nlbl_state */
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user