• Paul Moore's avatar
    selinux: Support for the new TUN LSM hooks · ed6d76e4
    Paul Moore authored
    Add support for the new TUN LSM hooks: security_tun_dev_create(),
    security_tun_dev_post_create() and security_tun_dev_attach().  This includes
    the addition of a new object class, tun_socket, which represents the socks
    associated with TUN devices.  The _tun_dev_create() and _tun_dev_post_create()
    hooks are fairly similar to the standard socket functions but _tun_dev_attach()
    is a bit special.  The _tun_dev_attach() is unique because it involves a
    domain attaching to an existing TUN device and its associated tun_socket
    object, an operation which does not exist with standard sockets and most
    closely resembles a relabel operation.
    Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
    Acked-by: default avatarEric Paris <eparis@parisplace.org>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    ed6d76e4
av_permissions.h 53.8 KB