projects / linux-flexiantxendom0-natty.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 7e70cb4) | patch
Smack: UDS revision
authorCasey Schaufler <casey@schaufler-ca.com>
Thu, 25 Nov 2010 01:12:10 +0000 (17:12 -0800)
committerJames Morris <jmorris@namei.org>
Sun, 28 Nov 2010 22:04:35 +0000 (09:04 +1100)
commitb4e0d5f0791bd6dd12a1c1edea0340969c7c1f90
tree1ed1def6d5dea2cdae6b6e52571677fa7650edd5tree | snapshot
parent7e70cb4978507cf31d76b90e4cfb4c28cad87f0ccommit | diff
Smack: UDS revision

This patch addresses a number of long standing issues
    with the way Smack treats UNIX domain sockets.

    All access control was being done based on the label of
    the file system object. This is inconsistant with the
    internet domain, in which access is done based on the
    IPIN and IPOUT attributes of the socket. As a result
    of the inode label policy it was not possible to use
    a UDS socket for label cognizant services, including
    dbus and the X11 server.

    Support for SCM_PEERSEC on UDS sockets is also provided.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/smack/smack_lsm.c diff | blob | history
Port of xen3.3 xenlinux code to Ubuntu Natty kernel