From: Paul Moore <paul.moore@hp.com>
Date: Fri, 10 Oct 2008 14:16:33 +0000 (-0400)
Subject: selinux: Set socket NetLabel based on connection endpoint
X-Git-Tag: v2.6.28-rc1~609^2~1^2^2~4
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=014ab19a69c325f52d7bae54ceeda73d6307ae0c;p=pandora-kernel.git

selinux: Set socket NetLabel based on connection endpoint

Previous work enabled the use of address based NetLabel selectors, which while
highly useful, brought the potential for additional per-packet overhead when
used.  This patch attempts to solve that by applying NetLabel socket labels
when sockets are connect()'d.  This should alleviate the per-packet NetLabel
labeling for all connected sockets (yes, it even works for connected DGRAM
sockets).

Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
---

Reading git-diff-tree failed