Following this email will be the LSM (Linux Security Modules) networking code split up into eight patches for submission to the mainline kernel. Since the last submission of these patches, improvements have been made to the LSM code based on feedback from maintainers and the community. The LSM hooks are now implemented as static inlines in the main kernel, and may be compiled out, while the LSM networking code is now generally configurable via CONFIG_SECURITY_NETWORK. This work was done by Stephen Smalley. The configuration exceptions are the two Netlink hooks and the ip_decode_options() hook, which always need to be present as they implement default capabilities logic. The rest of the hooks disappear when not enabled. Cumulative summary: include/linux/ip.h | 1 include/linux/netdevice.h | 4 include/linux/security.h | 807 +++++++++++++++++++++++++++++++++++++++++- include/linux/skbuff.h | 3 include/linux/tcp.h | 11 include/net/sock.h | 16 include/net/tcp.h | 26 + net/core/datagram.c | 5 net/core/dev.c | 3 net/core/rtnetlink.c | 3 net/core/skbuff.c | 16 net/core/sock.c | 6 net/ipv4/ah.c | 2 net/ipv4/ip_fragment.c | 7 net/ipv4/ip_gre.c | 3 net/ipv4/ip_options.c | 5 net/ipv4/ip_output.c | 3 net/ipv4/ipip.c | 4 net/ipv4/ipmr.c | 4 net/ipv4/netfilter/ip_queue.c | 3 net/ipv4/syncookies.c | 3 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_minisocks.c | 6 net/netlink/af_netlink.c | 8 net/socket.c | 72 +++ net/unix/af_unix.c | 16 security/Kconfig | 9 security/capability.c | 30 + security/dummy.c | 267 +++++++++++++ 29 files changed, 1334 insertions(+), 17 deletions(-) (Note that more information on LSM can be found at http://lsm.immunix.org/). - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 14:46:35 PST