[PATCH v2 1/5] lsm: Add hook unix_path_connect
Paul Moore
paul at paul-moore.com
Thu Jan 15 21:46:00 UTC 2026
On Thu, Jan 15, 2026 at 5:10 AM Günther Noack <gnoack3000 at gmail.com> wrote:
> On Tue, Jan 13, 2026 at 06:27:15PM -0500, Paul Moore wrote:
> > On Tue, Jan 13, 2026 at 4:34 AM Christian Brauner <brauner at kernel.org> wrote:
> > > On Sat, Jan 10, 2026 at 03:32:57PM +0100, Günther Noack wrote:
> > > > From: Justin Suess <utilityemal77 at gmail.com>
> > > >
> > > > Adds an LSM hook unix_path_connect.
> > > >
> > > > This hook is called to check the path of a named unix socket before a
> > > > connection is initiated.
> > > >
> > > > Cc: Günther Noack <gnoack3000 at gmail.com>
> > > > Signed-off-by: Justin Suess <utilityemal77 at gmail.com>
> > > > ---
> > > > include/linux/lsm_hook_defs.h | 4 ++++
> > > > include/linux/security.h | 11 +++++++++++
> > > > net/unix/af_unix.c | 9 +++++++++
> > > > security/security.c | 20 ++++++++++++++++++++
> > > > 4 files changed, 44 insertions(+)
...
> On the other side, I see the following drawbacks:
>
> * The more serious surgery in af_unix, which Paul also discussed:
Not to take away from what Günther already mentioned, but my concern
about extending the path beyond the unix_find_bsd() function for the
sake of the LSM is that history has shown that the easiest (this is
very much a relative statement) approach towards acceptance of a new
LSM hook is to keep the addition/patch as small as possible while
still being useful. Making the addition of a new LSM hook dependent
on significant changes outside of the security/ directory often
results in failure.
> Overall, I am not convinced that using pre-existing hooks is the right
> way and I would prefer the approach where we have a more dedicated LSM
> hook for the path lookup.
>
> Does that seem reasonable? Let me know what you think.
I believe it's definitely the "path" (sorry) of least resistance.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list