| commit | f6685217573ee91085867806cc89dd80fa571f58 | |
| author | Eric Paris <eparis@redhat.com> | |
| Thu, 16 Dec 2010 16:46:51 +0000 (16 11:46 -0500) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Thu, 17 Feb 2011 23:15:03 +0000 (17 15:15 -0800) | ||
| tree | e27213fcac6e1bbd28fd7cb80ca8684265f4631e | treesnapshot (tar.gz zip) |
| parent | 44489516c52b3b76d9b2a0e670a26b6e64938ddf | commitdiff |
SELinux: define permissions for DCB netlink messages
commit 350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8 upstream.
Commit 2f90b865 added two new netlink message types to the netlink route
socket. SELinux has hooks to define if netlink messages are allowed to
be sent or received, but it did not know about these two new message
types. By default we allow such actions so noone likely noticed. This
patch adds the proper definitions and thus proper permissions
enforcement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8 upstream.
Commit 2f90b865 added two new netlink message types to the netlink route
socket. SELinux has hooks to define if netlink messages are allowed to
be sent or received, but it did not know about these two new message
types. By default we allow such actions so noone likely noticed. This
patch adds the proper definitions and thus proper permissions
enforcement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| security/selinux/nlmsgtab.c | diffblobblamehistory |