[PATCH] lsm: fix default return value of the socket_getpeersec_* hooks
Paul Moore
paul at paul-moore.com
Tue Jan 30 22:01:53 UTC 2024
On Jan 26, 2024 Ondrej Mosnacek <omosnace at redhat.com> wrote:
>
> For these hooks the true "neutral" value is -EOPNOTSUPP, which is
> currently what is returned when no LSM provides this hook and what LSMs
> return when there is no security context set on the socket. Correct the
> value in <linux/lsm_hooks.h> and adjust the dispatch functions in
> security/security.c to avoid issues when the BPF LSM is enabled.
>
> Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> ---
> include/linux/lsm_hook_defs.h | 4 ++--
> security/security.c | 31 +++++++++++++++++++++++++++----
> 2 files changed, 29 insertions(+), 6 deletions(-)
I was originally going to merge this via lsm/dev, but thinking about
this some more today, and considering the other inode_getsecctx() fix,
I think this patch should be marked for stable too.
I'm going to merge this into lsm/stable-6.8 and assuming all the tests
come back clean (which they should), I'll send this up to Linus
tomorrow with the inode_getsecctx() fix.
Thanks all!
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list