selinux June 2013 archive
Main Archive Page > Month Archives  > selinux archives
selinux: [PATCH 0/8] Labeled IPsec cleanups

[PATCH 0/8] Labeled IPsec cleanups

From: Paul Moore <pmoore_at_nospam>
Date: Fri Jun 14 2013 - 19:03:31 GMT

The SELinux labeled IPsec has languished for a few years without any
housekeeping, this patchset attempts to tidy up the code and sweep
away the dust bunnies hiding in the corners.

Most of the patchset is fairly trivial with the exception of the first
patch (1/8) which has some substance to it but doesn't actually affect
the behavior of the labeled IPsec code, it just makes it more sensible.

--- Paul Moore (8): lsm: split the xfrm_state_alloc_security() hook implementation selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code selinux: cleanup selinux_xfrm_policy_lookup() and selinux_xfrm_state_pol_flow_match() selinux: cleanup selinux_xfrm_sock_rcv_skb() and selinux_xfrm_postroute_last() selinux: cleanup some comment and whitespace issues in the XFRM code selinux: cleanup selinux_xfrm_decode_session() selinux: cleanup the XFRM header selinux: remove the BUG_ON() from selinux_skb_xfrm_sid() include/linux/security.h | 26 ++ security/capability.c | 15 + security/security.c | 13 - security/selinux/hooks.c | 11 + security/selinux/include/xfrm.h | 45 ++-- security/selinux/xfrm.c | 453 +++++++++++++++++---------------------- 6 files changed, 262 insertions(+), 301 deletions(-) -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.