CRED: Make execve() take advantage of copy-on-write credentials

[deliverable/linux.git] / security / selinux / include / objsec.h

diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 91070ab874ce8b1255fadfff9f99aac0ce5bcc60..3cc45168f674fbe6c98c89f9597398af6778a95a 100644 (file)
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -77,17 +77,6 @@ struct ipc_security_struct {
        u32 sid;        /* SID of IPC resource */
 };
 
-struct bprm_security_struct {
-       u32 sid;                /* SID for transformed process */
-       unsigned char set;
-
-       /*
-        * unsafe is used to share failure information from bprm_apply_creds()
-        * to bprm_post_apply_creds().
-        */
-       char unsafe;
-};
-
 struct netif_security_struct {
        int ifindex;                    /* device index */
        u32 sid;                        /* SID for this interface */
@@ -109,16 +98,19 @@ struct netport_security_struct {
 };
 
 struct sk_security_struct {
-       u32 sid;                        /* SID of this object */
-       u32 peer_sid;                   /* SID of peer */
-       u16 sclass;                     /* sock security class */
 #ifdef CONFIG_NETLABEL
        enum {                          /* NetLabel state */
                NLBL_UNSET = 0,
                NLBL_REQUIRE,
                NLBL_LABELED,
+               NLBL_REQSKB,
+               NLBL_CONNLABELED,
        } nlbl_state;
+       struct netlbl_lsm_secattr *nlbl_secattr; /* NetLabel sec attributes */
 #endif
+       u32 sid;                        /* SID of this object */
+       u32 peer_sid;                   /* SID of peer */
+       u16 sclass;                     /* sock security class */
 };
 
 struct key_security_struct {