From: Paul Moore <pmoore@redhat.com>
To: Paul Osmialowski <p.osmialowsk@samsung.com>,
	linux-security-module@vger.kernel.org,
	Lukasz Pawelczyk <l.pawelczyk@samsung.com>,
	selinux@tycho.nsa.gov
Subject: [RFC PATCH v1 0/3] Another take on the kdbus LSM hooks
Date: Wed, 23 Sep 2015 17:44:06 -0400
Message-ID: <20150923213043.25616.43422.stgit@localhost>

A different take on the previous kdbus LSM hooks, intended to be much
simpler and more in line with what we currently do for binder and
other IPC mechanisms.  This patchset has three patches, the first
patch contains the LSM hooks and the last two patches are SELinux
specific implementations of those hooks.  Paul/Lukasz, please take a
look and see if this simplified set of hooks works for you; I'm hoping
it will.

This patchset is based off Greg's char-misc#kdbus tree which is a
little out of date with respect to LSM development, but that shouldn't
be a problem at this early stage of review.

I've intentionally only sent this to the SELinux and LSM list for the
time being; once we resolve our own concerns with the different
approaches we can start including the kdbus developers and other
relevant lists.  I'm also hoping that once we have a patchset which
contains the necessary SELinux/Smack/etc. support we can push this to
Greg for inclusion in the kdbus branch so we have at least some
kdbus/LSM support if/when kdbus is ever merged into Linus' tree.

You can find these patches in the working-kdbus-v1 branch of the
SELinux tree:

 * git://git.infradead.org/users/pcmoore/selinux

---

Paul Moore (3):
      lsm: introduce hooks for kdbus
      selinux: introduce kdbus names into the policy
      selinux: introduce kdbus access controls


 include/linux/security.h            |  113 +++++++++++++++++++++++++++++++++
 ipc/kdbus/connection.c              |   73 ++++++++++++++-------
 ipc/kdbus/message.c                 |   19 ++++-
 ipc/kdbus/metadata.c                |    6 +-
 security/security.c                 |   45 +++++++++++++
 security/selinux/hooks.c            |  121 ++++++++++++++++++++++++++++++++++-
 security/selinux/include/classmap.h |    4 +
 security/selinux/include/security.h |    6 +-
 security/selinux/ss/policydb.c      |   59 +++++++++++++++++
 security/selinux/ss/policydb.h      |    3 +
 security/selinux/ss/services.c      |   38 +++++++++++
 11 files changed, 449 insertions(+), 38 deletions(-)


Thread overview: 8+ messages
2015-09-23 21:44 Paul Moore [this message]
2015-09-23 21:44 ` [RFC PATCH v1 1/3] lsm: introduce hooks for kdbus Paul Moore
2015-09-24 15:57   ` Stephen Smalley
2015-09-25 22:09     ` Paul Moore
2015-09-24 18:01   ` Stephen Smalley
2015-09-25 22:17     ` Paul Moore
2015-09-23 21:44 ` [RFC PATCH v1 2/3] selinux: introduce kdbus names into the policy Paul Moore
2015-09-23 21:44 ` [RFC PATCH v1 3/3] selinux: introduce kdbus access controls Paul Moore
