selinux: Support for the new TUN LSM hooks
Add support for the new TUN LSM hooks: security_tun_dev_create(), security_tun_dev_post_create() and security_tun_dev_attach(). This includes the addition of a new object class, tun_socket, which represents the socks associated with TUN devices. The _tun_dev_create() and _tun_dev_post_create() hooks are fairly similar to the standard socket functions but _tun_dev_attach() is a bit special. The _tun_dev_attach() is unique because it involves a domain attaching to an existing TUN device and its associated tun_socket object, an operation which does not exist with standard sockets and most closely resembles a relabel operation. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Paul Moore
James Morris
@ -77,3 +77,4 @@
|
||||
S_(NULL)
|
||||
S_(NULL)
|
||||
S_("kernel_service")
|
||||
S_("tun_socket")
|
||||
|
||||
Reference in New Issue
Block a user