1. 19 Oct, 2009 1 commit
    • Eric Dumazet's avatar
      inet: rename some inet_sock fields · c720c7e8
      Eric Dumazet authored
      In order to have better cache layouts of struct sock (separate zones
      for rx/tx paths), we need this preliminary patch.
      
      Goal is to transfert fields used at lookup time in the first
      read-mostly cache line (inside struct sock_common) and move sk_refcnt
      to a separate cache line (only written by rx path)
      
      This patch adds inet_ prefix to daddr, rcv_saddr, dport, num, saddr,
      sport and id fields. This allows a future patch to define these
      fields as macros, like sk_refcnt, without name clashes.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c720c7e8
  2. 24 Sep, 2009 1 commit
    • Paul Moore's avatar
      lsm: Use a compressed IPv6 string format in audit events · d8116591
      Paul Moore authored
      Currently the audit subsystem prints uncompressed IPv6 addresses which not
      only differs from common usage but also results in ridiculously large audit
      strings which is not a good thing.  This patch fixes this by simply converting
      audit to always print compressed IPv6 addresses.
      
      Old message example:
      
       audit(1253576792.161:30): avc:  denied  { ingress } for
        saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000
        daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo
        scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
        tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif
      
      New message example:
      
       audit(1253576792.161:30): avc:  denied  { ingress } for
        saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo
        scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
        tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif
      Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      d8116591
  3. 16 Aug, 2009 1 commit
    • Thomas Liu's avatar
      SELinux: Convert avc_audit to use lsm_audit.h · 2bf49690
      Thomas Liu authored
      Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
      for better maintainability.
      
       - changed selinux to use common_audit_data instead of
          avc_audit_data
       - eliminated code in avc.c and used code from lsm_audit.h instead.
      
      Had to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit
      can call common_lsm_audit and do the pre and post callbacks without
      doing the actual dump.  This makes it so that the patched version
      behaves the same way as the unpatched version.
      
      Also added a denied field to the selinux_audit_data private space,
      once again to make it so that the patched version behaves like the
      unpatched.
      
      I've tested and confirmed that AVCs look the same before and after
      this patch.
      Signed-off-by: default avatarThomas Liu <tliu@redhat.com>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      2bf49690
  4. 13 Apr, 2009 1 commit