[Patch] kernel memory leak fix for af_unix datagram getpeersec patch

2006-08-01 Thread Catherine Zhang
Hi, all, Enclosed please find the updated patch incorporating comments from Stephen and Dave. Again thanks for your help! Catherine -- From: [EMAIL PROTECTED] This patch implements a cleaner fix for the memory leak problem of the original unix datagram getpeersec patch. Instead of creating

RFC: kernel memory leak fix for af_unix datagram getpeersec

2006-07-26 Thread Catherine Zhang
Hi, all, Enclosed please find the new fix for the memory leak problem, incorporating suggestions from Stephen and James. Thanks all for your help! Catherine -- From: [EMAIL PROTECTED] This patch implements a cleaner fix for the memory leak problem of the original unix datagram getpeersec pat

[Patch 1/1] AF_UNIX Datagram getpeersec (minor fix)

2006-06-27 Thread Catherine Zhang
Hi, Minor fix (un-export selinux_get_sock_sid()). thanks, Catherine -- From: [EMAIL PROTECTED] This patch implements an API whereby an application can determine the label of its peer's Unix datagram sockets via the auxiliary data mechanism of recvmsg. Patch purpose: This patch enables a se

[Patch 1/1] AF_UNIX Datagram getpeersec (with latest updates)

2006-06-27 Thread Catherine Zhang
Hi, This patch combines all previous updates. Many thanks to James, Dave, and Stephen for their modifications and comments! cheers, Catherine -- From: [EMAIL PROTECTED] This patch implements an API whereby an application can determine the label of its peer's Unix datagram sockets via the aux

[Patch 1/1] AF_UNIX Datagram getpeersec

2006-06-26 Thread Catherine Zhang
Hi, One major change as per James' comment -- calls to get the security context of a peer are done through the hook socket_getpeersec_dgram(). Again, comments are welcome! thanks, Catherine -- From: [EMAIL PROTECTED] This patch implements an API whereby an application can determine the label

[Patch 1/1] AF_UNIX Datagram getpeersec (with minor fix)

2006-06-17 Thread Catherine Zhang
Hi, I added one file (include/linux/selinux.h) which was omitted from the previous patch, and removed a couple of unnecessary changes. Again, comments are welcome! thanks, Catherine -- From: [EMAIL PROTECTED] This patch implements an API whereby an application can determine the label of its

Re: updated [Patch 1/1] AF_UNIX Datagram getpeersec

2006-06-17 Thread Catherine Zhang
On 6/17/06, James Morris <[EMAIL PROTECTED]> wrote: On Fri, 16 Jun 2006, Stephen Hemminger wrote: > This is so short, it would make sense to put it in scm.h > and why not have it return the value instead of call by reference? > Same goes for selinux_get_inode_sid Actually, all of the SELinux AP

updated [Patch 1/1] AF_UNIX Datagram getpeersec

2006-06-16 Thread Catherine Zhang
Hi, Enclosed please find the updated AF_UNIX patch, incorporating comments from James, Stephen, Dave, Chris, Andrew and others. The patch is now built upon the newly added SELinux functions exported in selinux/exports.c, which are also used by the auditing subsystem. One function, selinux_get_s

[PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-05 Thread Catherine Zhang
Hi, Minor fix per James' comment. thanks, Catherine -- This patch contains a fix for the previous patch that adds security contexts to IPsec policies and security associations. In the previous patch, no authorization (besides the check for write permissions to SAD and SPD) is required to delete

[PATCH 1/1] LSM-IPsec SELinux Authorize

2006-06-05 Thread Catherine Zhang
Hi, This is a resubmit of the LSM-IPsec fix patch rebased against Linux version 2.6.17-rc4-mm3. As always, comments are welcome! Catherine --- This patch contains a fix for the previous patch that adds security contexts to IPsec policies and security associations. In the previous patch, no au

updated [Patch 1/1] AF_UNIX Datagram getpeersec

2006-04-07 Thread Catherine Zhang
Hi, James, Stephen, Dave and Chris, Enclosed please find the updated AF_UNIX patch. It addressed three major issues in the previous patch. 1. No direct calling of the SELINUX function security_sid_to_context(). The fix is to export this and other similar functions through wrapper functio

RFC [Patch 1/1] Unix Datagram getpeersec

2006-03-09 Thread Catherine Zhang
Hi, As per request from Stephen, I have enclosed the patch for Unix Datagram getpeersec. As always, comments are welcome! thanks, Catherine -- From: [EMAIL PROTECTED] This patch implements an API whereby an application can determine the label of its peer's Unix datagram sockets via the au

[Patch 1/1] updated: TCP/UDP getpeersec

2006-02-23 Thread Catherine Zhang
Hi, Updated as per Herbert's comment. Catherine --- From: [EMAIL PROTECTED] This patch implements an application of the LSM-IPSec networking controls whereby an application can determine the label of the security association its TCP or UDP sockets are currently connected to via getsockopt and

Re: [Patch 1/1] updated: TCP/UDP getpeersec

2006-02-15 Thread Catherine Zhang
Joy, Thanks for your comment and sorry for the delay. Did you mean a separate error code for 'null' context? The current code catches the case when the sid is SECSID_NULL, and returns ENOPROTOOPT. The question is whether we want to create a different error code for this case. Any suggestions?

[Patch 1/1] updated: TCP/UDP getpeersec

2006-02-06 Thread Catherine Zhang
Hi, Updated as per James' comment. Catherine --- From: [EMAIL PROTECTED] This patch implements an application of the LSM-IPSec networking controls whereby an application can determine the label of the security association its TCP or UDP sockets are currently connected to via getsockopt and th

[Patch 1/1] Resubmit: TCP/UDP getpeersec

2006-01-23 Thread Catherine Zhang
Hi, Resubmission since the previous submission has entangled tab/spaces. thanks, Catherine -- From: [EMAIL PROTECTED] This patch implements an application of the LSM-IPSec networking controls whereby an application can determine the label of the security association its TCP or UDP sockets are

Re: [PATCH 1/1] double xfrm_state_put bug fix

2006-01-17 Thread Catherine Zhang
This is much better. Sorry for the confusion. With a clear comment like this, I don't think it'll happen again. thanks, Catherine On 1/17/06, Herbert Xu <[EMAIL PROTECTED]> wrote: > On Tue, Jan 17, 2006 at 06:29:26PM -0800, David S. Miller wrote: > > > > There is a big comment in __xfrm_state_d