selinux: Set socket NetLabel based on connection endpoint Previous work enabled the use of address based NetLabel selectors, which while highly useful, brought the potential for additional per-packet overhead when used. This patch attempts to solve that by applying NetLabel socket labels when sockets are connect()'d. This should alleviate the per-packet NetLabel labeling for all connected sockets (yes, it even works for connected DGRAM sockets). Signed-off-by: Paul Moore <paul.moore@hp.com> Reviewed-by: James Morris <jmorris@namei.org>

commit: 014ab19a69c325f52d7bae54ceeda73d6307ae0c [log] [tgz]
author: Paul Moore <paul.moore@hp.com> Fri Oct 10 10:16:33 2008 -0400
committer: Paul Moore <paul.moore@hp.com> Fri Oct 10 10:16:33 2008 -0400
tree: 8a69c490accb7d5454bdfeb8c078d846729aeb60
parent: 948bf85c1bc9a84754786a9d5dd99b7ecc46451e [diff] [blame]
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index f46dd1c..ad34787 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h

@@ -118,6 +118,7 @@
 		NLBL_REQUIRE,
 		NLBL_LABELED,
 		NLBL_REQSKB,
+		NLBL_CONNLABELED,
 	} nlbl_state;
 #endif
 };
commit	014ab19a69c325f52d7bae54ceeda73d6307ae0c	[log] [tgz]
author	Paul Moore <paul.moore@hp.com>	Fri Oct 10 10:16:33 2008 -0400
committer	Paul Moore <paul.moore@hp.com>	Fri Oct 10 10:16:33 2008 -0400
tree	8a69c490accb7d5454bdfeb8c078d846729aeb60
parent	948bf85c1bc9a84754786a9d5dd99b7ecc46451e [diff] [blame]