diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2010-11-25 04:12:10 +0300 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-11-29 01:04:35 +0300 |
| commit | b4e0d5f0791bd6dd12a1c1edea0340969c7c1f90 (patch) | |
| tree | 1ed1def6d5dea2cdae6b6e52571677fa7650edd5 /kernel | |
| parent | 7e70cb4978507cf31d76b90e4cfb4c28cad87f0c (diff) | |
| download | linux-b4e0d5f0791bd6dd12a1c1edea0340969c7c1f90.tar.xz | |
Smack: UDS revision
This patch addresses a number of long standing issues
with the way Smack treats UNIX domain sockets.
All access control was being done based on the label of
the file system object. This is inconsistant with the
internet domain, in which access is done based on the
IPIN and IPOUT attributes of the socket. As a result
of the inode label policy it was not possible to use
a UDS socket for label cognizant services, including
dbus and the X11 server.
Support for SCM_PEERSEC on UDS sockets is also provided.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions