kernel-aes67/security
Paul Moore d8395c876b selinux: Better local/forward check in selinux_ip_postroute()
It turns out that checking to see if skb->sk is NULL is not a very good
indicator of a forwarded packet as some locally generated packets also have
skb->sk set to NULL.  Fix this by not only checking the skb->sk field but also
the IP[6]CB(skb)->flags field for the IP[6]SKB_FORWARDED flag.  While we are
at it, we are calling selinux_parse_skb() much earlier than we really should
resulting in potentially wasted cycles parsing packets for information we
might no use; so shuffle the code around a bit to fix this.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
2008-10-10 10:16:30 -04:00
..
keys keys: remove unused key_alloc_sem 2008-06-06 11:29:11 -07:00
selinux selinux: Better local/forward check in selinux_ip_postroute() 2008-10-10 10:16:30 -04:00
smack security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
capability.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
commoncap.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
device_cgroup.c devcgroup: fix race against rmdir() 2008-09-02 19:21:38 -07:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: filesystem capabilities no longer experimental 2008-07-24 10:47:22 -07:00
Makefile security: remove dummy module 2008-07-14 15:03:04 +10:00
root_plug.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00
security.c security: Fix setting of PF_SUPERPRIV by __capable() 2008-08-14 22:59:43 +10:00