From: Harry Ciao <qingtao.cao@windriver.com>
Date: Wed, 2 Mar 2011 05:32:33 +0000 (+0800)
Subject: SELinux: Socket retains creator role and MLS attribute
X-Git-Tag: v2.6.39-rc1~486^2^2~1^2~3
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f5317e730505d5cbc851c435a2dfe3d5a21d343;p=pandora-kernel.git

SELinux: Socket retains creator role and MLS attribute

The socket SID would be computed on creation and no longer inherit
its creator's SID by default. Socket may have a different type but
needs to retain the creator's role and MLS attribute in order not
to break labeled networking and network access control.

The kernel value for a class would be used to determine if the class
if one of socket classes. If security_compute_sid is called from
userspace the policy value for a class would be mapped to the relevant
kernel value first.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
---

Reading git-diff-tree failed