SELinux changes in the 2.6.17 kernel

July 12th, 2006

Here’s a summary of the SELinux-related changes in the recently released 2.6.17 kernel.

Alexey Dobriyan

Darrel Goeddel

Steve Grubb

Serge Hallyn

Dustin Kirkland

Ingo Molnar

James Morris

Jamal Hadi Salim

Stephen Smalley

Ron Yorston

Catherine Zhang

  • TCP/UDP getpeersec. This provides a mechanism for applications to determine the security context of peers they’re communicating with, via IPSec xfrm labeling. For TCP, there’s a new SO_GETPEERSEC option for getsockopt() which returns the peer security context. For UDP, the peer security context may be retrieved on a per-message basis after setting a new IP_PASSSEC socket option, then accessing the value via CMSG auxiliary data.
  • Authorize deletion of IPSec/xfrm labeling policies.
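
The two retrieval paths from the getpeersec item, sketched in C as an added example (not code from the original post or from the kernel patch). It assumes the names used in the Linux headers: SO_PEERSEC for the getsockopt() call, IP_PASSSEC for the UDP socket option, and an SCM_SECURITY control message at level SOL_IP carrying the label. The function names are hypothetical.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifndef SCM_SECURITY
#define SCM_SECURITY 0x03   /* value from linux/socket.h; not exported by every libc */
#endif

/* TCP: peer context of a connected socket. Returns its length, or -1 with
 * errno set (typically ENOPROTOOPT when the connection carries no label). */
int tcp_peer_context(int fd, char *out, size_t outlen)
{
    if (outlen == 0)
        return -1;
    socklen_t len = (socklen_t)(outlen - 1);   /* keep room for our own NUL */
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, out, &len) < 0)
        return -1;
    out[len] = '\0';
    return (int)strlen(out);
}

/* UDP: ask the kernel to attach the peer label to each received datagram. */
int udp_enable_peersec(int fd)
{
    int on = 1;
    return setsockopt(fd, SOL_IP, IP_PASSSEC, &on, sizeof on);
}

/* UDP: copy the label attached to one recvmsg() result into out. The payload
 * is length-delimited, so it is bounded by cmsg_len and terminated here.
 * Returns the context length, or -1 if absent, truncated or too large. */
int peer_context_from_cmsg(struct msghdr *msg, char *out, size_t outlen)
{
    if (msg->msg_flags & MSG_CTRUNC)     /* control data was cut short */
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != SOL_IP || c->cmsg_type != SCM_SECURITY)
            continue;
        if (c->cmsg_len < CMSG_LEN(0))
            return -1;
        size_t n = c->cmsg_len - CMSG_LEN(0);
        if (n >= outlen)
            return -1;                   /* refuse to truncate a security label */
        memcpy(out, CMSG_DATA(c), n);
        out[n] = '\0';
        return (int)strlen(out);         /* drops a trailing NUL if one was sent */
    }
    return -1;
}
```

A caller making an access decision should treat a -1 from either function as "peer unlabeled" and deny by default rather than fall back to an assumed context.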