| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: Patrick McHardy <[email protected]>
Acked-by: Paul Moore <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The audit_enabled flag is used to signal when syscall auditing is to be
performed. While NetLabel uses a Netlink interface instead of syscalls, it is
reasonable to consider the NetLabel Netlink interface as a form of syscall so
pay attention to the audit_enabled flag when generating audit messages in
NetLabel.
Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: James Morris <[email protected]>
|
|
Currently the NetLabel unlabeled packet accept flag is an atomic type and it
is checked for every non-NetLabel packet which comes into the system but rarely
ever changed. This patch changes this flag to a normal integer and protects it
with RCU locking.
Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: James Morris <[email protected]>
|
|
By modyfing genlmsg_put() to take a genl_family and by adding
genlmsg_put_reply() the process of constructing the netlink
and generic netlink headers is simplified.
Signed-off-by: Thomas Graf <[email protected]>
Acked-by: Paul Moore <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
A generic netlink user has no interest in knowing how to
address the source of the original request.
Signed-off-by: Thomas Graf <[email protected]>
Acked-by: Paul Moore <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Account for the netlink message header size directly in nlmsg_new()
instead of relying on the caller calculate it correctly.
Replaces error handling of message construction functions when
constructing notifications with bug traps since a failure implies
a bug in calculating the size of the skb.
Signed-off-by: Thomas Graf <[email protected]>
Acked-by: Paul Moore <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Fix some issues Steve Grubb had with the way NetLabel was using the audit
subsystem. This should make NetLabel more consistent with other kernel
generated audit messages specifying configuration changes.
Signed-off-by: Paul Moore <[email protected]>
Acked-by: Steve Grubb <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This patch adds audit support to NetLabel, including six new audit message
types shown below.
#define AUDIT_MAC_UNLBL_ACCEPT 1406
#define AUDIT_MAC_UNLBL_DENY 1407
#define AUDIT_MAC_CIPSOV4_ADD 1408
#define AUDIT_MAC_CIPSOV4_DEL 1409
#define AUDIT_MAC_MAP_ADD 1410
#define AUDIT_MAC_MAP_DEL 1411
Signed-off-by: Paul Moore <[email protected]>
Acked-by: James Morris <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
At the suggestion of Thomas Graf, rewrite NetLabel's use of Netlink attributes
to better follow the common Netlink attribute usage.
Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Add CIPSO/IPv4 and unlabeled packet management to the NetLabel
subsystem. The CIPSO/IPv4 changes allow the configuration of
CIPSO/IPv4 within the overall NetLabel framework. The unlabeled
packet changes allows NetLabel to pass unlabeled packets without
error.
Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|