[PATCH 1/6] LSM: Infrastructure management of the sock security
Paul Moore
paul at paul-moore.com
Tue Jul 9 22:08:00 UTC 2024
On Jul 8, 2024 Casey Schaufler <casey at schaufler-ca.com> wrote:
>
> Move management of the sock->sk_security blob out
> of the individual security modules and into the security
> infrastructure. Instead of allocating the blobs from within
> the modules the modules tell the infrastructure how much
> space is required, and the space is allocated there.
>
> Acked-by: Paul Moore <paul at paul-moore.com>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> Reviewed-by: John Johansen <john.johansen at canonical.com>
> Acked-by: Stephen Smalley <stephen.smalley.work at gmail.com>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
> include/linux/lsm_hooks.h | 1 +
> security/apparmor/include/net.h | 3 +-
> security/apparmor/lsm.c | 17 +------
> security/apparmor/net.c | 2 +-
> security/security.c | 36 +++++++++++++-
> security/selinux/hooks.c | 80 ++++++++++++++-----------------
> security/selinux/include/objsec.h | 5 ++
> security/selinux/netlabel.c | 23 ++++-----
> security/smack/smack.h | 5 ++
> security/smack/smack_lsm.c | 70 +++++++++++++--------------
> security/smack/smack_netfilter.c | 4 +-
> 11 files changed, 133 insertions(+), 113 deletions(-)

This looked fine before and with the only change being the additional
conversion in the SELinux MPTCP code it still looks good. I'm going to
merge this into lsm/dev-staging for testing with the idea of moving it
into lsm/dev after the upcoming merge window.

If you respin you don't need to resend this patch.

--
paul-moore.com
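
A userspace C model of the scheme the quoted commit message describes, where each module declares how much per-socket space it needs and the infrastructure makes the single allocation. It is an added illustration, not code from the patch or the kernel, and every name in it (blob_sizes, sock_model, set_blob_size, sock_blob_alloc, module_sock) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model; all names are hypothetical, not kernel symbols. */
struct blob_sizes { size_t sock; };     /* module's request, later its offset */
struct sock_model { void *security; };  /* stands in for sock->sk_security */
static size_t total_sock;               /* infrastructure's running total */

/* Turn a module's requested size into its offset inside the shared blob. */
static void set_blob_size(size_t *need, size_t *total)
{
    size_t align = sizeof(void *), offset;

    if (*need == 0)
        return;                         /* module keeps no per-socket state */
    offset = (*total + align - 1) & ~(align - 1);
    *total = offset + *need;
    *need = offset;
}

/* One zeroed allocation per socket, made by the infrastructure. */
static int sock_blob_alloc(struct sock_model *sk)
{
    sk->security = total_sock ? calloc(1, total_sock) : NULL;
    return (total_sock && !sk->security) ? -1 : 0;
}

/* A module reaches its own region only through its recorded offset. */
static void *module_sock(const struct sock_model *sk, const struct blob_sizes *bs)
{
    return (char *)sk->security + bs->sock;
}

int main(void)
{
    struct blob_sizes a = { .sock = 20 }, b = { .sock = 12 };  /* constructed sizes */
    struct sock_model sk;

    set_blob_size(&a.sock, &total_sock);
    set_blob_size(&b.sock, &total_sock);
    if (sock_blob_alloc(&sk))
        return 1;
    printf("total=%zu a@%zu b@%zu\n", total_sock, a.sock, b.sock);
    free(sk.security);
    return 0;
}
```

Because the offsets are assigned once, before any socket exists, two modules can never be handed overlapping regions, and allocation and zeroing happen in one place instead of once per module.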