[PATCH v2 24/25] Fix slotted list and getpeersec_d

Casey Schaufler casey at schaufler-ca.com
Wed Jun 19 17:36:09 UTC 2019


On 6/18/2019 10:50 PM, Kees Cook wrote:
> On Tue, Jun 18, 2019 at 04:05:50PM -0700, Casey Schaufler wrote:
>> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> Was this supposed to be folded into patch 4?

The first hunk, yes. I'll do that in the next revision.

The second hunk I'm still debating whether this is the
right change, or whether the AppArmor socket_getpeersec_dgram
stub hook should just be deleted.

> -Kees
>
>> ---
>>  security/security.c | 6 +++++-
>>  1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/security/security.c b/security/security.c
>> index 5a23ccec7c7b..8aca43ab3e81 100644
>> --- a/security/security.c
>> +++ b/security/security.c
>> @@ -461,6 +461,8 @@ int __init security_add_hooks(struct security_hook_list *hooks, int count,
>>  		    hooks[i].head == &security_hook_heads.kernel_act_as ||
>>  		    hooks[i].head ==
>>  			&security_hook_heads.socket_getpeersec_dgram ||
>> +		    hooks[i].head == &security_hook_heads.getprocattr ||
>> +		    hooks[i].head == &security_hook_heads.setprocattr ||
>>  		    hooks[i].head == &security_hook_heads.secctx_to_secid ||
>>  		    hooks[i].head == &security_hook_heads.release_secctx ||
>>  		    hooks[i].head == &security_hook_heads.ipc_getsecid ||
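
Review bot: The changelog for this patch is only a Signed-off-by line, so nothing records why getprocattr and setprocattr belong in the slot-requiring list in security_add_hooks(). Please add a sentence saying what goes wrong when they are left out. Since this fix exists because two heads were missed from the open-coded chain of `hooks[i].head == &security_hook_heads.…` comparisons, consider a short comment above the condition stating the rule for when a hook must be listed, so the next omission is easier to spot in review.
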
>> @@ -2269,7 +2271,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
>>  			     list) {
>>  		rc = hp->hook.socket_getpeersec_dgram(sock, skb,
>>  						      &l->secid[hp->slot]);
>> -		if (rc != 0)
>> +		if (rc == -ENOPROTOOPT)
>> +			rc = 0;
>> +		else if (rc != 0)
>>  			break;
>>  	}
>>  	return rc;
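
Review bot: In security_socket_getpeersec_dgram(), the new `rc == -ENOPROTOOPT` branch resets rc to 0 and continues, so if every hook on the list returns -ENOPROTOOPT the function returns 0 even though no module filled in its `l->secid[hp->slot]` entry. The caller then cannot tell "no module supplied a peer secid" from success. Consider tracking whether at least one hook returned 0 and returning -ENOPROTOOPT when none did, and add a comment at the branch explaining why this one error code is treated as non-fatal while any other non-zero value still breaks out of the loop.
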
>> -- 
>> 2.20.1
>>


