From 220deb966ea51e0dedb6a187c0763120809f3e64 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Tue, 29 Jan 2008 08:38:23 -0500 Subject: SELinux: Better integration between peer labeling subsystems Rework the handling of network peer labels so that the different peer labeling subsystems work better together. This includes moving both subsystems to a single "peer" object class which involves not only changes to the permission checks but an improved method of consolidating multiple packet peer labels. As part of this work the inbound packet permission check code has been heavily modified to handle both the old and new behavior in as sane a fashion as possible. Signed-off-by: Paul Moore Signed-off-by: James Morris --- security/selinux/include/objsec.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/selinux/include/objsec.h') diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 95fb5ec1735..c6c2bb4ebac 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -113,8 +113,8 @@ struct sk_security_struct { struct sock *sk; /* back pointer to sk object */ u32 sid; /* SID of this object */ u32 peer_sid; /* SID of peer */ -#ifdef CONFIG_NETLABEL u16 sclass; /* sock security class */ +#ifdef CONFIG_NETLABEL enum { /* NetLabel state */ NLBL_UNSET = 0, NLBL_REQUIRE, -- cgit v1.2.3-18-g5258