kernel-fxtec-pro1x/drivers/net
Paul Moore 5dbbaf2de8 tun: fix LSM/SELinux labeling of tun/tap devices
This patch corrects some problems with LSM/SELinux that were introduced
with the multiqueue patchset.  The problem stems from the fact that the
multiqueue work changed the relationship between the tun device and its
associated socket; before the socket persisted for the life of the
device, however after the multiqueue changes the socket only persisted
for the life of the userspace connection (fd open).  For non-persistent
devices this is not an issue, but for persistent devices this can cause
the tun device to lose its SELinux label.

We correct this problem by adding an opaque LSM security blob to the
tun device struct which allows us to have the LSM security state, e.g.
SELinux labeling information, persist for the lifetime of the tun
device.  In the process we tweak the LSM hooks to work with this new
approach to TUN device/socket labeling and introduce a new LSM hook,
security_tun_dev_attach_queue(), to approve requests to attach to a
TUN queue via TUNSETQUEUE.

The SELinux code has been adjusted to match the new LSM hooks, the
other LSMs do not make use of the LSM TUN controls.  This patch makes
use of the recently added "tun_socket:attach_queue" permission to
restrict access to the TUNSETQUEUE operation.  On older SELinux
policies which do not define the "tun_socket:attach_queue" permission
the access control decision for TUNSETQUEUE will be handled according
to the SELinux policy's unknown permission setting.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Tested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 18:16:59 -05:00
appletalk
arcnet ARCNET: remove __dev* attributes 2012-12-03 11:16:10 -08:00
bonding bonding: do not cancel works in bond_uninit() 2012-12-14 13:14:07 -05:00
caif
can can: sja1000: fix compilation on x86 2012-12-15 17:14:38 -08:00
cris
dsa dsa: Hide core config options; make drivers select what they need 2012-11-26 17:10:44 -05:00
ethernet be2net: fix unconditionally returning IRQ_HANDLED in INTx 2013-01-12 15:33:01 -08:00
fddi drivers/net: fix up function prototypes after __dev* removals 2012-12-07 14:22:22 -05:00
hamradio sections: fix section conflicts in drivers/net/hamradio 2012-10-06 03:04:43 +09:00
hippi drivers/net: fix up function prototypes after __dev* removals 2012-12-07 14:22:22 -05:00
hyperv hyperv: Add an error message to rndis_filter_set_device_mac() 2012-11-30 15:02:56 -05:00
ieee802154 ieee802154: remove __dev* attributes 2012-12-03 11:16:56 -08:00
irda drivers/net: fix up function prototypes after __dev* removals 2012-12-07 14:22:22 -05:00
phy net: phy: smsc: Fix config_init typo 2012-12-07 14:26:15 -05:00
plip
ppp ppp: make ppp_get_stats64 static 2012-11-01 12:38:31 -04:00
slip
team team: fix hw_features setup 2012-11-28 11:39:22 -05:00
usb net: qmi_wwan: add Telekom Speedstick LTE II 2012-12-28 15:28:34 -08:00
vmxnet3 vmxnet3: remove __dev* attributes 2012-12-03 11:17:06 -08:00
wan Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-12-12 18:07:07 -08:00
wimax i2400m: add Intel 6150 device IDs 2012-12-15 17:14:38 -08:00
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-01-09 11:01:37 -05:00
xen-netback xen: netback: handle compound page fragments on transmit. 2012-10-10 22:50:45 -04:00
dummy.c
eql.c
ifb.c
Kconfig vxlan: Depend on CONFIG_INET 2012-10-02 14:37:31 -04:00
LICENSE.SRC
loopback.c net: loopback: set default mtu to 64K 2012-09-24 16:23:53 -04:00
macvlan.c netlink: add attributes to fdb interface 2012-10-01 18:39:44 -04:00
macvtap.c
Makefile vxlan: virtual extensible lan 2012-10-01 18:39:45 -04:00
mdio.c
mii.c
netconsole.c netconsole: add oops_only module option 2012-11-08 22:06:36 -05:00
rionet.c rapidio/rionet: rework to support multiple RIO master ports 2012-10-06 03:05:23 +09:00
sb1000.c
Space.c
sungem_phy.c Fix misspellings of "whether" in comments. 2012-11-19 14:31:35 +01:00
tun.c tun: fix LSM/SELinux labeling of tun/tap devices 2013-01-14 18:16:59 -05:00
veth.c rtnelink: remove unused parameter from rtnl_create_link(). 2012-11-30 12:24:40 -05:00
virtio_net.c Some nice cleanups, and even a patch my wife did as a "live" demo for 2012-12-20 08:37:05 -08:00
vxlan.c vxlan: allow live mac address change 2013-01-03 01:58:13 -08:00
xen-netfront.c xen/netfront: improve truesize tracking 2013-01-07 19:51:19 -08:00