• Paul Moore's avatar
    SELinux: Better integration between peer labeling subsystems · 220deb96
    Paul Moore authored
    Rework the handling of network peer labels so that the different peer labeling
    subsystems work better together.  This includes moving both subsystems to a
    single "peer" object class which involves not only changes to the permission
    checks but an improved method of consolidating multiple packet peer labels.
    As part of this work the inbound packet permission check code has been heavily
    modified to handle both the old and new behavior in as sane a fashion as
    possible.
    Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    220deb96
netlabel.c 10.2 KB