security · ff525bdf014c3dcc0656b297f4371c1f5a23739b · Upstream / linux-stable

selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()

Paul Moore authored 11 years ago

commit c0828e50

 upstream.

Due to difficulty in arriving at the proper security label for
TCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets
while/before they are undergoing XFRM transforms instead of waiting
until afterwards so that we can determine the correct security label.
Reported-by: Janak Desai <Janak.Desai@gtri.gatech.edu>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

6594af6a

Name	Last commit	Last update
..
apparmor	apparmor: fix bad lock balance when introspecting policy	11 years ago
integrity	Revert "ima: policy for RAMFS"	11 years ago
keys	aio: don't include aio.h in sched.h	12 years ago
selinux	selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()	11 years ago
smack	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	11 years ago
tomoyo	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	12 years ago
yama	yama: Better permission check for ptraceme	12 years ago
Kconfig	KEYS: Move the key config into security/keys/Kconfig	13 years ago
Makefile	security: Yama LSM	13 years ago
capability.c	xattr: Constify ->name member of "struct xattr".	11 years ago
commoncap.c	capabilities: allow nice if we are privileged	11 years ago
device_cgroup.c	cgroup: make css_for_each_descendant() and friends include the origin css in the iteration	11 years ago
inode.c	securityfs: fix object creation races	13 years ago
lsm_audit.c	LSM: BUILD_BUG_ON if the common_audit_data union ever grows	13 years ago
min_addr.c	mmap_min_addr check CAP_SYS_RAWIO only for write	15 years ago
security.c	xattr: Constify ->name member of "struct xattr".	11 years ago

GitLab

Menu

Download source code

Download this directory