Re: [PATCH v2 2/2] selinux: Implement mptcp_add_subflow hook

From: Paul Moore
Date: Thu May 18 2023 - 13:12:14 EST

Next message: SeongJae Park: "Re: [PATCH v2 2/5] mm: damon must atomically clear young on ptes and pmds"
Previous message: Paul Moore: "Re: [PATCH v2 1/2] security, lsm: Introduce security_mptcp_add_subflow()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Apr 20, 2023 Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx> wrote:
>
> Newly added subflows should inherit the LSM label from the associated
> MPTCP socket regardless of the current context.
>
> This patch implements the above copying sid and class from the MPTCP
> socket context, deleting the existing subflow label, if any, and then
> re-creating the correct one.
>
> The new helper reuses the selinux_netlbl_sk_security_free() function,
> and the latter can end-up being called multiple times with the same
> argument; we additionally need to make it idempotent.
>
> Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
> Acked-by: Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx>
> Signed-off-by: Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx>
> ---
> v2:
> - Address Paul's comments:
> - use "MPTCP socket" instead of "msk" in the commit message
> - "updated" context instead of "current" one in the comment
> ---
> security/selinux/hooks.c | 16 ++++++++++++++++
> security/selinux/netlabel.c | 8 ++++++--
> 2 files changed, 22 insertions(+), 2 deletions(-)

Also merged into selinux/next, thanks again.

--
paul-moore.com

Next message: SeongJae Park: "Re: [PATCH v2 2/5] mm: damon must atomically clear young on ptes and pmds"
Previous message: Paul Moore: "Re: [PATCH v2 1/2] security, lsm: Introduce security_mptcp_add_subflow()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]