From: Paul Moore <paul.moore@hp.com>
To: Eric Paris <eparis@redhat.com>
Cc: linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
netfilter@vger.kernel.org, jmorris@namei.org,
selinux@tycho.nsa.gov, sds@tycho.nsa.gov, jengelh@medozas.de,
linux-security-module@vger.kernel.org,
mr.dash.four@googlemail.com, pablo@netfilter.org
Subject: Re: [PATCH 4/5] conntrack: export lsm context rather than internal secid via netlink
Date: Tue, 12 Oct 2010 19:14:44 -0400 [thread overview]
Message-ID: <1286925284.5133.98.camel@sifl> (raw)
In-Reply-To: <20101012154028.26943.6918.stgit@paris.rdu.redhat.com>
On Tue, 2010-10-12 at 11:40 -0400, Eric Paris wrote:
> The conntrack code can export the internal secid to userspace. These are
> dynamic, can change on lsm changes, and have no meaning in userspace. We
> should instead be sending lsm contexts to userspace instead. This patch sends
> the secctx (rather than secid) to userspace over the netlink socket. We use a
> new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did
> not send particularly useful information.
Looks fine to me in principal, just a nit-picky comment below ...
> -ctnetlink_dump_secmark(struct sk_buff *skb, const struct nf_conn *ct)
> +ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
> {
> - NLA_PUT_BE32(skb, CTA_SECMARK, htonl(ct->secmark));
> - return 0;
> + struct nlattr *nest_secctx;
> + int len, ret;
> + char *secctx;
> +
> + ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
> + if (ret)
> + return ret;
> +
> + ret = -1;
> + nest_secctx = nla_nest_start(skb, CTA_SECCTX | NLA_F_NESTED);
> + if (!nest_secctx)
> + goto nla_put_failure;
>
> + NLA_PUT_STRING(skb, CTA_SECCTX_NAME, secctx);
> + nla_nest_end(skb, nest_secctx);
> +
> + ret = 0;
> nla_put_failure:
> - return -1;
> + security_release_secctx(secctx, len);
> + return ret;
> }
All the ret assignments bother me, I also don't think "nla_put_failure"
is a good choice since we run this code both on success and failure -
how about this:
ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
{
struct nlattr *nest_secctx;
int len, ret;
char *secctx;
ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
if (ret)
return ret;
nest_secctx = nla_nest_start(skb, CTA_SECCTX | NLA_F_NESTED);
if (!nest_secctx) {
ret = -1;
goto dump_secctx_out;
}
NLA_PUT_STRING(skb, CTA_SECCTX_NAME, secctx);
nla_nest_end(skb, nest_secctx);
dump_secctx_out:
security_release_secctx(secctx, len);
return ret;
}
--
paul moore
linux @ hp
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul.moore@hp.com>
To: Eric Paris <eparis@redhat.com>
Cc: linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
netfilter@vger.kernel.org, jmorris@namei.org,
selinux@tycho.nsa.gov, sds@tycho.nsa.gov, jengelh@medozas.de,
linux-security-module@vger.kernel.org,
mr.dash.four@googlemail.com, pablo@netfilter.org
Subject: Re: [PATCH 4/5] conntrack: export lsm context rather than internal secid via netlink
Date: Tue, 12 Oct 2010 19:14:44 -0400 [thread overview]
Message-ID: <1286925284.5133.98.camel@sifl> (raw)
In-Reply-To: <20101012154028.26943.6918.stgit@paris.rdu.redhat.com>
On Tue, 2010-10-12 at 11:40 -0400, Eric Paris wrote:
> The conntrack code can export the internal secid to userspace. These are
> dynamic, can change on lsm changes, and have no meaning in userspace. We
> should instead be sending lsm contexts to userspace instead. This patch sends
> the secctx (rather than secid) to userspace over the netlink socket. We use a
> new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did
> not send particularly useful information.
Looks fine to me in principal, just a nit-picky comment below ...
> -ctnetlink_dump_secmark(struct sk_buff *skb, const struct nf_conn *ct)
> +ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
> {
> - NLA_PUT_BE32(skb, CTA_SECMARK, htonl(ct->secmark));
> - return 0;
> + struct nlattr *nest_secctx;
> + int len, ret;
> + char *secctx;
> +
> + ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
> + if (ret)
> + return ret;
> +
> + ret = -1;
> + nest_secctx = nla_nest_start(skb, CTA_SECCTX | NLA_F_NESTED);
> + if (!nest_secctx)
> + goto nla_put_failure;
>
> + NLA_PUT_STRING(skb, CTA_SECCTX_NAME, secctx);
> + nla_nest_end(skb, nest_secctx);
> +
> + ret = 0;
> nla_put_failure:
> - return -1;
> + security_release_secctx(secctx, len);
> + return ret;
> }
All the ret assignments bother me, I also don't think "nla_put_failure"
is a good choice since we run this code both on success and failure -
how about this:
ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
{
struct nlattr *nest_secctx;
int len, ret;
char *secctx;
ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
if (ret)
return ret;
nest_secctx = nla_nest_start(skb, CTA_SECCTX | NLA_F_NESTED);
if (!nest_secctx) {
ret = -1;
goto dump_secctx_out;
}
NLA_PUT_STRING(skb, CTA_SECCTX_NAME, secctx);
nla_nest_end(skb, nest_secctx);
dump_secctx_out:
security_release_secctx(secctx, len);
return ret;
}
--
paul moore
linux @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2010-10-12 23:14 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-12 15:40 [PATCH 1/5] secmark: do not return early if there was no error Eric Paris
2010-10-12 15:40 ` Eric Paris
2010-10-12 15:40 ` [PATCH 2/5] secmark: make secmark object handling generic Eric Paris
2010-10-12 15:40 ` Eric Paris
2010-10-12 16:26 ` Jan Engelhardt
2010-10-12 17:24 ` Pablo Neira Ayuso
2010-10-12 17:45 ` Eric Paris
2010-10-12 17:45 ` Eric Paris
2010-10-12 17:53 ` Jan Engelhardt
2010-10-12 18:15 ` Pablo Neira Ayuso
2010-10-12 22:55 ` Paul Moore
2010-10-12 22:55 ` Paul Moore
2010-10-12 23:01 ` Eric Paris
2010-10-12 23:01 ` Eric Paris
2010-10-12 23:06 ` Paul Moore
2010-10-12 23:06 ` Paul Moore
2010-10-12 23:14 ` Eric Paris
2010-10-12 23:14 ` Eric Paris
2010-10-12 23:20 ` Paul Moore
2010-10-12 23:20 ` Paul Moore
2010-10-12 15:40 ` [PATCH 3/5] security: secid_to_secctx returns len when data is NULL Eric Paris
2010-10-12 15:40 ` Eric Paris
2010-10-12 23:04 ` Paul Moore
2010-10-12 23:04 ` Paul Moore
2010-10-12 15:40 ` [PATCH 4/5] conntrack: export lsm context rather than internal secid via netlink Eric Paris
2010-10-12 15:40 ` Eric Paris
2010-10-12 23:14 ` Paul Moore [this message]
2010-10-12 23:14 ` Paul Moore
2010-10-12 23:24 ` Eric Paris
2010-10-12 23:24 ` Eric Paris
2010-10-13 13:41 ` Paul Moore
2010-10-13 13:41 ` Paul Moore
2010-10-12 15:40 ` [PATCH 5/5] secmark: export secctx, drop secmark in procfs Eric Paris
2010-10-12 15:40 ` Eric Paris
2010-10-12 23:19 ` Paul Moore
2010-10-12 23:19 ` Paul Moore
2010-10-12 23:27 ` Eric Paris
2010-10-12 23:27 ` Eric Paris
2010-10-12 22:52 ` [PATCH 1/5] secmark: do not return early if there was no error Paul Moore
2010-10-12 22:52 ` Paul Moore
2010-10-12 23:38 ` James Morris
2010-10-12 23:38 ` James Morris
2010-10-12 23:50 ` Eric Paris
2010-10-12 23:50 ` Eric Paris
2010-10-13 4:07 ` James Morris
2010-10-13 4:07 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1286925284.5133.98.camel@sifl \
--to=paul.moore@hp.com \
--cc=eparis@redhat.com \
--cc=jengelh@medozas.de \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mr.dash.four@googlemail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.