Venkat Yekkirala wrote:
>>On Wed, 2006-10-04 at 15:27 -0400, Paul Moore wrote:
>>
>>>Venkat Yekkirala wrote:
>>>
>* XFRM present
>
> xfrm_sid =
> loc_sid = SECINITSID_NETMSG
> nlbl_sid = SECSID_NULL/0
> ext_sid = xfrm_sid
> final skb->secmark = avc_ok : ext_sid ? u
> On Wed, 2006-10-04 at 15:27 -0400, Paul Moore wrote:
> > Venkat Yekkirala wrote:
> > >> * XFRM present
> > >>
> > >> xfrm_sid =
> > >> loc_sid = SECINITSID_NETMSG
> > >> nlbl_sid = SECSID_NULL/0
> > >> ext_sid = xfrm_sid
> > >> final skb->secmark = avc_ok : ext_sid ? unchanged
As note
Venkat Yekkirala wrote:
* XFRM present
xfrm_sid =
loc_sid = SECINITSID_NETMSG
nlbl_sid = SECSID_NULL/0
ext_sid = xfrm_sid
final skb->secmark = avc_ok : ext_sid ? unchanged
>
> Actually, I meant to cite the following instead of the above:
>
> * Nothing
>
>
On Wed, 2006-10-04 at 15:27 -0400, Paul Moore wrote:
> Venkat Yekkirala wrote:
> >> * XFRM present
> >>
> >> xfrm_sid =
> >> loc_sid = SECINITSID_NETMSG
> >> nlbl_sid = SECSID_NULL/0
> >> ext_sid = xfrm_sid
> >> final skb->secmark = avc_ok : ext_sid ? unchanged
> >>
> >> * NetLabel prese
> >> * XFRM present
> >>
> >> xfrm_sid =
> >> loc_sid = SECINITSID_NETMSG
> >> nlbl_sid = SECSID_NULL/0
> >> ext_sid = xfrm_sid
> >> final skb->secmark = avc_ok : ext_sid ? unchanged
Actually, I meant to cite the following instead of the above:
* Nothing
xfrm_sid = SECSID_NULL/0
Venkat Yekkirala wrote:
>> * XFRM present
>>
>> xfrm_sid =
>> loc_sid = SECINITSID_NETMSG
>> nlbl_sid = SECSID_NULL/0
>> ext_sid = xfrm_sid
>> final skb->secmark = avc_ok : ext_sid ? unchanged
>>
>> * NetLabel present
>>
>> xfrm_sid = SECSID_NULL/0
>> loc_sid = SECSID_NULL/0
>> nlb
> * XFRM present
>
>xfrm_sid =
>loc_sid = SECINITSID_NETMSG
>nlbl_sid = SECSID_NULL/0
>ext_sid = xfrm_sid
>final skb->secmark = avc_ok : ext_sid ? unchanged
>
> * NetLabel present
>
>xfrm_sid = SECSID_NULL/0
>loc_sid = SECSID_NULL/0
>nlbl_sid =
>ext_sid =
Venkat Yekkirala wrote:
>>@@ -3714,19 +3714,34 @@ static int selinux_skb_flow_in(struct sk
>> if (skb->dev == &loopback_dev)
>> return 1;
>>
>>+ if (skb->secmark)
>>+ loc_sid = skb->secmark;
>>+ else
>>+ loc_sid = SECINITSID_NETMSG;
>>+
>> err
> > @@ -3714,19 +3714,34 @@ static int selinux_skb_flow_in(struct sk
> > if (skb->dev == &loopback_dev)
> > return 1;
> >
> > + if (skb->secmark)
> > + loc_sid = skb->secmark;
> > + else
> > + loc_sid = SECINITSID_NETMSG;
> > +
> > err = selinux_xfrm_de
> @@ -3714,19 +3714,34 @@ static int selinux_skb_flow_in(struct sk
> if (skb->dev == &loopback_dev)
> return 1;
>
> + if (skb->secmark)
> + loc_sid = skb->secmark;
> + else
> + loc_sid = SECINITSID_NETMSG;
> +
> err = selinux_xfrm_decode_s
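Review bot: the added if/else on skb->secmark at the top of selinux_skb_flow_in falls back to SECINITSID_NETMSG when secmark is zero, but nothing in the visible lines says that zero means "no secmark was set". A one-line comment above the branch stating that assumption would make the fallback explicit for anyone reading the hook later. The quoted hunk is cut off right after this assignment, so how loc_sid is used afterwards cannot be checked from these lines.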
This patch provides the missing NetLabel support to the secid reconciliation
patchset.
Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
---
security/selinux/hooks.c| 104 +--
security/selinux/include/objsec.h |1
security/selinux/include/se