evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Paul Moore f8687afefc [NetLabel]: protect the CIPSOv4 socket option from setsockopt() 
This patch makes two changes to protect applications from either removing or
tampering with the CIPSOv4 IP option on a socket.  The first is the requirement
that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option
on a socket; this prevents untrusted applications from setting their own
CIPSOv4 security attributes on the packets they send.  The second change is to
SELinux and it prevents applications from setting any IPv4 options when there
is an IPOPT_CIPSO option already present on the socket; this prevents
applications from removing CIPSOv4 security attributes from the packets they
send.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-30 15:24:49 -08:00
..
802 [TR]: endiannness annotations 2006-09-28 17:53:59 -07:00
8021q [PATCH] Finish annotations of struct vlan_ethhdr 2006-10-10 16:15:34 -07:00
appletalk [APPLETALK]: Fix potential OOPS in atalk_sendmsg(). 2006-10-30 15:24:34 -08:00
atm [ATM]: handle sysfs errors 2006-10-21 19:55:22 -07:00
ax25
bluetooth [Bluetooth] Fix HID disconnect NULL pointer dereference 2006-10-20 01:15:05 -07:00
bridge [BRIDGE]: correct print message typo 2006-10-25 23:07:37 -07:00
core [NET]: Fix segmentation of linear packets 2006-10-30 15:24:36 -08:00
dccp [DCCP]: fix printk format warnings 2006-10-30 15:24:37 -08:00
decnet [DECNET]: Fix input routing bug 2006-10-18 20:45:22 -07:00
econet
ethernet [NET]: Annotate dst_ops protocol 2006-09-28 18:02:58 -07:00
ieee80211 [CRYPTO] users: Select ECB/CBC where needed 2006-10-25 16:51:05 +10:00
ipv4 [NetLabel]: protect the CIPSOv4 socket option from setsockopt() 2006-10-30 15:24:49 -08:00
ipv6 [NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tables 2006-10-30 15:24:44 -08:00
ipx
irda [PATCH] strndup() would better take size_t, not int 2006-10-10 15:37:24 -07:00
key IPsec: correct semantics for SELinux policy matching 2006-10-11 23:59:37 -07:00
lapb
llc
netfilter [NETFILTER]: nf_conntrack: add missing unlock in get_next_corpse() 2006-10-30 15:24:46 -08:00
netlabel NetLabel: fix a cache race condition 2006-10-11 23:59:29 -07:00
netlink [NET]: fix uaccess handling 2006-10-30 15:24:41 -08:00
netrom
packet [NET]: Fix sk->sk_filter field access 2006-09-22 15:18:47 -07:00
rose
rxrpc [PATCH] kmemdup: some users 2006-10-01 00:39:19 -07:00
sched [PKT_SCHED] netem: Orphan SKB when adding to queue. 2006-10-22 21:00:33 -07:00
sctp [SCTP]: Always linearise packet on input 2006-10-30 15:24:39 -08:00
sunrpc [PATCH] fix "sunrpc: fix refcounting problems in rpc servers" 2006-10-30 12:12:21 -08:00
tipc [TIPC]: Updated TIPC version number to 1.6.2 2006-10-18 19:55:24 -07:00
unix [AF_UNIX]: Change max_dgram_qlen sysctl to __read_mostly 2006-09-22 15:18:42 -07:00
wanrouter
x25
xfrm [XFRM] xfrm_user: Fix unaligned accesses. 2006-10-30 15:24:35 -08:00
compat.c [NET]: File descriptor loss while receiving SCM_RIGHTS 2006-10-11 23:59:48 -07:00
Kconfig [NET] Kconfig: fix cut/paste error in TCPPROBE 2006-09-28 17:53:57 -07:00
Makefile
nonet.c
socket.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
sysctl_net.c
TUNABLE