Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
cloud-kernel
提交
167225b7
cloud-kernel
项目概览
openanolis
/
cloud-kernel
1 年多 前同步成功
通知
160
Star
36
Fork
7
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
10
列表
看板
标记
里程碑
合并请求
2
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
cloud-kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
10
Issue
10
列表
看板
标记
里程碑
合并请求
2
合并请求
2
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
167225b7
编写于
7月 30, 2014
作者:
J
James Morris
浏览文件
操作
浏览文件
下载
差异文件
Merge branch 'stable-3.16' of
git://git.infradead.org/users/pcmoore/selinux
into next
上级
b64cc5fb
2873ead7
变更
2
显示空白变更内容
内联
并排
Showing
2 changed file
with
3 addition
and
15 deletion
+3
-15
include/linux/security.h
include/linux/security.h
+1
-4
security/selinux/hooks.c
security/selinux/hooks.c
+2
-11
未找到文件。
include/linux/security.h
浏览文件 @
167225b7
...
@@ -996,10 +996,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
...
@@ -996,10 +996,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Retrieve the LSM-specific secid for the sock to enable caching of network
* Retrieve the LSM-specific secid for the sock to enable caching of network
* authorizations.
* authorizations.
* @sock_graft:
* @sock_graft:
* This hook is called in response to a newly created sock struct being
* Sets the socket's isec sid to the sock's sid.
* grafted onto an existing socket and allows the security module to
* perform whatever security attribute management is necessary for both
* the sock and socket.
* @inet_conn_request:
* @inet_conn_request:
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
* Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
* @inet_csk_clone:
* @inet_csk_clone:
...
...
security/selinux/hooks.c
浏览文件 @
167225b7
...
@@ -4510,18 +4510,9 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
...
@@ -4510,18 +4510,9 @@ static void selinux_sock_graft(struct sock *sk, struct socket *parent)
struct
inode_security_struct
*
isec
=
SOCK_INODE
(
parent
)
->
i_security
;
struct
inode_security_struct
*
isec
=
SOCK_INODE
(
parent
)
->
i_security
;
struct
sk_security_struct
*
sksec
=
sk
->
sk_security
;
struct
sk_security_struct
*
sksec
=
sk
->
sk_security
;
switch
(
sk
->
sk_family
)
{
if
(
sk
->
sk_family
==
PF_INET
||
sk
->
sk_family
==
PF_INET6
||
case
PF_INET
:
sk
->
sk_family
==
PF_UNIX
)
case
PF_INET6
:
case
PF_UNIX
:
isec
->
sid
=
sksec
->
sid
;
isec
->
sid
=
sksec
->
sid
;
break
;
default:
/* by default there is no special labeling mechanism for the
* sksec label so inherit the label from the parent socket */
BUG_ON
(
sksec
->
sid
!=
SECINITSID_UNLABELED
);
sksec
->
sid
=
isec
->
sid
;
}
sksec
->
sclass
=
isec
->
sclass
;
sksec
->
sclass
=
isec
->
sclass
;
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录