linux/security/selinux
David Ahern 65ee00a940 net: nexthop uapi
New UAPI for nexthops as standalone objects:
- defines netlink ancillary header, struct nhmsg
- RTM commands for nexthop objects, RTM_*NEXTHOP,
- RTNLGRP for nexthop notifications, RTNLGRP_NEXTHOP,
- Attributes for creating nexthops, NHA_*
- Attribute for route specs to specify a nexthop by id, RTA_NH_ID.

The nexthop attributes and semantics follow the route and RTA ones for
device, gateway and lwt encap. Unique to nexthop objects are a blackhole
and a group which contains references to other nexthop objects. With the
exception of blackhole and group, nexthop objects MUST contain a device.
Gateway and encap are optional. Nexthop groups can only reference other
pre-existing nexthops by id. If the NHA_ID attribute is present that id
is used for the nexthop. If not specified, one is auto assigned.

Dump requests can include attributes:
- NHA_GROUPS to return only nexthop groups,
- NHA_MASTER to limit dumps to nexthops with devices enslaved to the
  given master (e.g., VRF)
- NHA_OIF to limit dumps to nexthops using given device

nlmsg_route_perms in selinux code is updated for the new RTM comands.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-05-28 21:37:30 -07:00
..
include treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
ss selinux/stable-5.2 PR 20190507 2019-05-07 18:48:09 -07:00
.gitignore SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
avc.c selinux: fix avc audit messages 2019-02-05 12:34:33 -05:00
hooks.c selinux: do not report error on connect(AF_UNSPEC) 2019-05-20 21:46:02 -04:00
ibpkey.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile SELinux: Remove unused selinux_is_enabled 2019-01-08 13:18:44 -08:00
netif.c selinux: Cleanup printk logging in netif 2018-06-19 13:45:31 -04:00
netlabel.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
netlink.c selinux: Cleanup printk logging in netlink 2018-06-19 13:33:05 -04:00
netnode.c selinux: Cleanup printk logging in netnode 2018-06-19 13:49:10 -04:00
netport.c selinux: Cleanup printk logging in netport 2018-06-19 13:43:01 -04:00
nlmsgtab.c net: nexthop uapi 2019-05-28 21:37:30 -07:00
selinuxfs.c SELinux: Abstract use of inode security blob 2019-01-08 13:18:44 -08:00
xfrm.c SELinux: Abstract use of cred security blob 2019-01-08 13:18:44 -08:00