[PATCH v6] lsm: Add LSM hook security_unix_find
Mickaël Salaün
mic at digikod.net
Mon Feb 23 16:09:53 UTC 2026
On Sat, Feb 21, 2026 at 08:22:46AM -0500, Justin Suess wrote:
> On Fri, Feb 20, 2026 at 04:49:34PM +0100, Günther Noack wrote:
> > Hello!
> >
> > On Thu, Feb 19, 2026 at 03:04:59PM -0500, Justin Suess wrote:
> > > diff --git a/security/security.c b/security/security.c
> > > index 67af9228c4e9..c73196b8db4b 100644
> > > --- a/security/security.c
> > > +++ b/security/security.c
> > > @@ -4731,6 +4731,26 @@ int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
> > >
> > > #endif /* CONFIG_SECURITY_NETWORK */
> > >
> > > +#if defined(CONFIG_SECURITY_NETWORK) && defined(CONFIG_SECURITY_PATH)
> > > +/**
> > > + * security_unix_find() - Check if a named AF_UNIX socket can connect
> > > + * @path: path of the socket being connected to
> > > + * @other: peer sock
> > > + * @flags: flags associated with the socket
> > > + *
> > > + * This hook is called to check permissions before connecting to a named
> > > + * AF_UNIX socket.
> >
> > Nit: Could we please insert a sentence about locking here?
> >
> > Something like:
> >
> > The caller holds no locks on @other.
> >
> > (Originally brought up by Mickaël in
> > https://lore.kernel.org/all/20260217.lievaS8eeng8@digikod.net/)
> >
> > Thanks,
> > –Günther
> Sounds good. Would a "Link:" to the mentioned thread be appropriate in the commit
> message?
Feel free to include relevant parts of our discussion in the commit
message, which would make a Link redundant. I think a Link is useful if
the commit message doesn't contain the whole context or misses
information, which is often the case wrt discussions or long emails.
>
> I feel like the reasoning for this is subtle but important for hook
> consumers.
Indeed. That should be explained in the hook comment.
>
> Justin
>
More information about the Linux-security-module-archive
mailing list