summaryrefslogtreecommitdiffstats
path: root/security/selinux/include
diff options
context:
space:
mode:
authorTrent Jaeger <tjaeger@cse.psu.edu>2006-01-06 13:22:39 -0800
committerDavid S. Miller <davem@davemloft.net>2006-01-06 13:22:39 -0800
commit5f8ac64b15172c7ced7d7990eb28342092bc751b (patch)
tree63046817c9a6e8db513379337f01289c045a5d63 /security/selinux/include
parent69549ddd2f894c4cead50ee2b60cc02990c389ad (diff)
[LSM-IPSec]: Corrections to LSM-IPSec Nethooks
This patch contains two corrections to the LSM-IPsec Nethooks patches previously applied. (1) free a security context on a failed insert via xfrm_user interface in xfrm_add_policy. Memory leak. (2) change the authorization of the allocation of a security context in a xfrm_policy or xfrm_state from both relabelfrom and relabelto to setcontext. Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/av_perm_to_string.h3
-rw-r--r--security/selinux/include/av_permissions.h3
2 files changed, 2 insertions, 4 deletions
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 71aeb12f07c..591e98d9315 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -238,5 +238,4 @@
S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
- S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELFROM, "relabelfrom")
- S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELTO, "relabelto")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index d1d0996049e..d7f02edf393 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -908,8 +908,7 @@
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
-#define ASSOCIATION__RELABELFROM 0x00000004UL
-#define ASSOCIATION__RELABELTO 0x00000008UL
+#define ASSOCIATION__SETCONTEXT 0x00000004UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL