From 3e3ff15e6d8ba931fa9a6c7f9fe711edc77e96e5 Mon Sep 17 00:00:00 2001
From: "Christopher J. PeBenito" <cpebenito@tresys.com>
Date: Fri, 9 Jun 2006 00:25:03 -0700
Subject: [SELINUX]: add security class for appletalk sockets

Add a security class for appletalk sockets so that they can be
distinguished in SELinux policy.  Please apply.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 security/selinux/include/flask.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'security/selinux/include/flask.h')

diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index eb9f50823f6e..e4c8535d78c2 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -60,6 +60,7 @@
 #define SECCLASS_NSCD                                    53
 #define SECCLASS_ASSOCIATION                             54
 #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
+#define SECCLASS_APPLETALK_SOCKET                        56
 
 /*
  * Security identifier indices for initial entities
-- 
cgit v1.2.1


From 29a395eac4c320c570e73f0a90d8953d80da8359 Mon Sep 17 00:00:00 2001
From: James Morris <jmorris@namei.org>
Date: Fri, 9 Jun 2006 00:27:28 -0700
Subject: [SECMARK]: Add new flask definitions to SELinux

Secmark implements a new scheme for adding security markings to
packets via iptables, as well as changes to SELinux to use these
markings for security policy enforcement.  The rationale for this
scheme is explained and discussed in detail in the original threads:

 http://thread.gmane.org/gmane.linux.network/34927/
 http://thread.gmane.org/gmane.linux.network/35244/

Examples of policy and rulesets, as well as a full archive of patches
for iptables and SELinux userland, may be found at:

http://people.redhat.com/jmorris/selinux/secmark/

The code has been tested with various compilation options and in
several scenarios, including with 'complicated' protocols such as FTP
and also with the new generic conntrack code with IPv6 connection
tracking.

This patch:

Add support for a new object class ('packet'), and associated
permissions ('send', 'recv', 'relabelto').  These are used to enforce
security policy for network packets labeled with SECMARK, and for
adding labeling rules.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 security/selinux/include/flask.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'security/selinux/include/flask.h')

diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index e4c8535d78c2..a0eb9e281d18 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -61,6 +61,7 @@
 #define SECCLASS_ASSOCIATION                             54
 #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
 #define SECCLASS_APPLETALK_SOCKET                        56
+#define SECCLASS_PACKET                                  57
 
 /*
  * Security identifier indices for initial entities
-- 
cgit v1.2.1