Re: [RFC PATCH 0/5] kdbus: add support for lsm

From: Karol Lewandowski
Date: Sat Nov 08 2014 - 19:08:41 EST


On Fri, Nov 07, 2014 at 10:01:20AM -0800, Greg KH wrote:
> On Fri, Oct 31, 2014 at 05:36:32PM +0100, Karol Lewandowski wrote:
> > This is a set of EXPERIMENTAL patches adding lsm support to kdbus.
> > (Rebased on top of v3.17.)
> >
> > From least to most invasive:
> >
> > - (1) kdbus: extend structures with security pointer for lsm
> >
> > Trivial. Applicable as-is.
> >
> > - (2) security: export security_file_receive for modules
> > (3) kdbus: check if lsm permits installing received fds
> >
> > fd_install doesn't seem to consult LSM, these patches
> > ensure that receiving process has the right to sent fds.
> >
> > Compile-tested only.
> >
> > - (4) security: introduce lsm hooks for kdbus
> > (5) kdbus: make use of new lsm hooks
> >
> > Set of proof-of-concept hooks discussed previously with Paul Moore.
> >
> > kdbus integration patch (5) for review, but unlikely for integration
> > at this stage.
> >
> > Likewise, compile-tested only.
> >
> >
> > Karol Lewandowski (5):
> > kdbus: extend structures with security pointer for lsm
> > security: export security_file_receive for modules
> > kdbus: check if lsm permits installing received fds
> > security: introduce lsm hooks for kdbus
> > kdbus: make use of new lsm hooks
>
> These look reasonable to me, thanks for sending them. They will need
> to be refreshed again after this next round of changes, but it shouldn't
> be that hard to do so.

Sure thing.

For completeness - there are accompanying Smack and SELinux patches that
could go together with the above patches, i.e.

https://github.com/lmctl/linux/commit/103c26fd27d1ec8c32d85dd3d85681f936ac66fb

http://git.infradead.org/users/pcmoore/selinux/commitdiff/eef4844f91fef6092b6bfac941ebe7f18375be9d

I've got some free time on my hands now, so I'll try to revisit these too.

Cheers,
Karol Lewandowski