Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-2.6.28.y 2008-10-08T09:35:11+00:00 2008-10-08T09:35:11+00:00 Alexey Dobriyan adobriyan@gmail.com 2008-10-08T09:35:11+00:00 urn:sha1:0c4c9288ada0e6642d511ef872f10a4781a896ff Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> 2008-10-08T09:35:10+00:00 Alexey Dobriyan adobriyan@gmail.com 2008-10-08T09:35:10+00:00 urn:sha1:e099a173573ce1ba171092aee7bb3c72ea686e59 Same story as with iptable_filter, iptables_raw tables. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> 2008-07-06T02:04:32+00:00 Denis V. Lunev den@openvz.org 2008-07-06T02:04:32+00:00 urn:sha1:e84f84f276473dcc673f360e8ff3203148bdf0e2 Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-07-06T02:02:59+00:00 Denis V. Lunev den@openvz.org 2008-07-06T02:02:59+00:00 urn:sha1:9f5e97e53675caeda48e9988122a30470f4d309d Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-07-06T02:02:33+00:00 Denis V. Lunev den@openvz.org 2008-07-06T02:02:33+00:00 urn:sha1:39a23e75087ce815abbddbd565b9a2e567ac47da Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-06-09T22:57:24+00:00 James Morris jmorris@namei.org 2008-06-09T22:57:24+00:00 urn:sha1:560ee653b67074b805f1b661988a72a0e58811a5 The following patch implements a new "security" table for iptables, so that MAC (SELinux etc.) networking rules can be managed separately to standard DAC rules. This is to help with distro integration of the new secmark-based network controls, per various previous discussions. The need for a separate table arises from the fact that existing tools and usage of iptables will likely clash with centralized MAC policy management. The SECMARK and CONNSECMARK targets will still be valid in the mangle table to prevent breakage of existing users. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-04-03T21:31:33+00:00 Denis V. Lunev den@openvz.org 2008-04-03T21:31:33+00:00 urn:sha1:046ee902357adc046d041441956ec7eeb30c77c4 Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-03-26T08:56:24+00:00 Pavel Emelyanov xemul@openvz.org 2008-03-26T08:56:24+00:00 urn:sha1:68528f09980a60c8df046d16336333cac4fc0c32 Add some flesh to ipv4_sysctl_init_net and ipv4_sysctl_exit_net, i.e. copy the table, alter .data pointers and register it per-net. Other ipv4_table's sysctls are now global, but this is going to change once sysctl permissions patches migrate from -mm tree to mainline in 2.6.26 merge window :) Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-03-26T08:55:37+00:00 Pavel Emelyanov xemul@openvz.org 2008-03-26T08:55:37+00:00 urn:sha1:a24022e1887978decaa28fb11d1ddff63e31497f Initialization is moved to icmp_sk_init, all the places, that refer to them use init_net for now. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2008-02-29T19:19:58+00:00 Denis V. Lunev den@openvz.org 2008-02-29T19:19:58+00:00 urn:sha1:4a6ad7a141cbee2cf074e6cf8dc527b231b69ece All preparations are done. Now just add a hook to perform an initialization on namespace startup and replace icmp_sk macro with proper inline call. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>