[PATCH] selinux: add IPv6 support
From: James Morris <jmorris@redhat.com>

The patch below adds explicit IPv6 support to SELinux.

Brief description of changes:

o IPv6 networking is now subject to the same controls as IPv4 (in addition
  to the generic socket permissions which cover all protocols), namely:
  bind to local node address; bind to local port; send & receive TCP/UDP
  and raw IP packets based on local network interface and remote node
  address.

o Packet parsing has been extended to IPv6 packets for logging and control,
  and simplified for IPv4.

o Support for logging of IPv6 addresses has also been added.

o The kernel policy database code has been modified to support IPv6, and
  reworked to provide generic security policy version handling so that
  older policy versions will still work, making upgrading simpler.

Corresponding userspace patches are available at
<http://people.redhat.com/jmorris/selinux/ipv6/>, although current
userspace tools will continue to function normally (but without explicit
IPv6 support).

For more details at the security management level, see
<http://marc.theaimsgroup.com/?l=selinux&m=108068187630948&w=2>

This code has been under testing and review for several weeks.