tmp_suning_uos_patched/security
Eric Paris 6a25b27d60 SELinux: open perm for sock files
When I did open permissions I didn't think any sockets would have an open.
Turns out AF_UNIX sockets can have an open when they are bound to the
filesystem namespace.  This patch adds a new SOCK_FILE__OPEN permission.
It's safe to add this as the open perms are already predicated on
capabilities and capabilities means we have unknown perm handling so
systems should be as backwards compatible as the policy wants them to
be.

https://bugzilla.redhat.com/show_bug.cgi?id=475224

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2009-03-06 08:50:18 +11:00
..
integrity/ima integrity: ima iint radix_tree_lookup locking fix 2009-02-23 09:54:53 +11:00
keys keys: make procfiles per-user-namespace 2009-02-27 12:35:15 +11:00
selinux SELinux: open perm for sock files 2009-03-06 08:50:18 +11:00
smack smack: fixes for unlabeled host support 2009-03-05 08:30:01 +11:00
tomoyo TOMOYO: Do not call tomoyo_realpath_init unless registered. 2009-02-23 09:45:05 +11:00
capability.c Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]" 2009-01-07 09:21:54 +11:00
commoncap.c Merge branch 'next' into for-linus 2009-01-07 09:58:22 +11:00
device_cgroup.c devices cgroup: allow mkfifo 2009-01-08 08:31:03 -08:00
inode.c Merge branch 'master' into next 2009-02-06 11:01:45 +11:00
Kconfig Kconfig and Makefile 2009-02-12 15:19:00 +11:00
Makefile security: change link order of LSMs so security=tomoyo works 2009-02-12 16:29:04 +11:00
root_plug.c Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]" 2009-01-07 09:21:54 +11:00
security.c Merge branch 'next' into for-linus 2009-01-07 09:58:22 +11:00