From: Paul Moore <pmoore@redhat.com>
To: linux-security-module@vger.kernel.org
Cc: Paul Osmialowski <p.osmialowsk@samsung.com>,
linux-audit@redhat.com, selinux@tycho.nsa.gov
Subject: Re: [RFC PATCH v3 5/5] selinux: introduce kdbus access controls
Date: Thu, 08 Oct 2015 12:55:06 -0400
Message-ID: <2114593.jpPVmy2IkX@sifl>
In-Reply-To: <20151007230848.7823.68726.stgit@localhost>
On Wednesday, October 07, 2015 07:08:48 PM Paul Moore wrote:
> +static int selinux_kdbus_conn_see_notification(const struct cred *creds)
> +{
> + return avc_has_perm(SECINITSID_KERNEL, cred_sid(creds),
> + SECCLASS_KDBUS, KDBUS__SEE_NOTIFICATION, NULL);
> +}
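Review bot: the first two arguments to avc_has_perm() in selinux_kdbus_conn_see_notification() look reversed. avc_has_perm() takes the source SID first and the target SID second, so as written SECINITSID_KERNEL is the subject and cred_sid(creds) is the object, and policy would have to grant the kernel see_notification on the connection's domain. If the check is meant to decide whether the holder of creds may see notifications, pass cred_sid(creds) first and SECINITSID_KERNEL second. The trailing NULL is the audit data argument, so a denial here is logged with only the SIDs, class and permission; pass a struct common_audit_data if there is connection context worth recording.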
I'm going to flip the subj/obj ordering here, the passed credentials should be
the subject.
--
paul moore
security @ redhat