• Andrew Morton's avatar
    [PATCH] selinux: add IPv6 support · 5e752b7e
    Andrew Morton authored
    From: James Morris <jmorris@redhat.com>
    
    The patch below adds explicit IPv6 support to SELinux.
    
    Brief description of changes:
    
    o IPv6 networking is now subject to the same controls as IPv4 (in
      addition to the generic socket permissions which cover all protocols),
      namely: bind to local node address; bind to local port; send & receive
      TCP/UDP and raw IP packets based on local network interface and remote
      node address.
    
    o Packet parsing has been extended to IPv6 packets for logging and
      control, and simplified for IPv4.
    
    o Support for logging of IPv6 addresses has also been added.
    
    o The kernel policy database code has been modified to support IPv6, and
      reworked to provide generic security policy version handling so that
      older policy versions will still work, making upgrading simpler.
    
    Corresponding userspace patches are available at
    <http://people.redhat.com/jmorris/selinux/ipv6/>, although current
    userspace tools will continue to function normally (but without explicit
    IPv6 support).
    
    For more details at the security management level, see
    <http://marc.theaimsgroup.com/?l=selinux&m=108068187630948&w=2>
    
    This code has been under testing and review for several weeks.
    5e752b7e
security.h 2.34 KB