From: Casey Schaufler <casey@schaufler-ca.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org,
James Morris <james.l.morris@oracle.com>,
Eric Paris <eparis@redhat.com>, Paul Moore <paul.moore@hp.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Andi Kleen <ak@linux.intel.com>,
linux-security-module@vger.kernel.org,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH] Smack: build when CONFIG_AUDIT not defined
Date: Tue, 10 Apr 2012 15:03:48 -0700
Message-ID: <4F84AE44.1020505@schaufler-ca.com>
In-Reply-To: <20120410202644.GA10466@www.outflux.net>

On 4/10/2012 1:26 PM, Kees Cook wrote:
> This fixes builds where CONFIG_AUDIT is not defined and
> CONFIG_SECURITY_SMACK=y.

This problem looks to have been introduced as part of
the "common_audit_data cleanup" from Eric Paris, or of
the integration of those changes from commit
a5149bf3fed59b94207809704b5d06fec337a771.

This should probably be "[PATCH] Audit:" rather than
"[PATCH] Smack". I am not planning anything from
smack-next for 3.4.

>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> security/smack/smack_lsm.c | 19 +++++++++++++++----
> 1 files changed, 15 insertions(+), 4 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 81c03a5..10056f2 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1939,18 +1939,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
> char *hostsp;
> struct socket_smack *ssp = sk->sk_security;
> struct smk_audit_info ad;
> - struct lsm_network_audit net;
>
> rcu_read_lock();
> hostsp = smack_host_label(sap);
> if (hostsp != NULL) {
> - sk_lbl = SMACK_UNLABELED_SOCKET;
> #ifdef CONFIG_AUDIT
> + struct lsm_network_audit net;
> +
> smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
> ad.a.u.net->family = sap->sin_family;
> ad.a.u.net->dport = sap->sin_port;
> ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
> #endif
> + sk_lbl = SMACK_UNLABELED_SOCKET;
> rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
> } else {
> sk_lbl = SMACK_CIPSO_SOCKET;
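
Review bot: in smack_netlabel_send() the declaration of net moves inside
the if (hostsp != NULL) block, so its lifetime now ends at that block's
closing brace while ad, which is function-scoped, still holds the pointer
passed in via smk_ad_init_net(&ad, ..., &net). The only consumer visible
here, smk_access(..., &ad), is inside the block, so this works, but it is
fragile if ad is ever read after the if/else. Keeping net at function
scope under #ifdef CONFIG_AUDIT, as the smack_socket_sock_rcv_skb() and
smack_inet_conn_request() hunks do, would match ad's lifetime and would
also make the reordering of sk_lbl = SMACK_UNLABELED_SOCKET unnecessary.
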
> @@ -2809,11 +2810,14 @@ static int smack_unix_stream_connect(struct sock *sock,
> struct socket_smack *osp = other->sk_security;
> struct socket_smack *nsp = newsk->sk_security;
> struct smk_audit_info ad;
> - struct lsm_network_audit net;
> int rc = 0;
>
> +#ifdef CONFIG_AUDIT
> + struct lsm_network_audit net;
> +
> smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
> smk_ad_setfield_u_net_sk(&ad, other);
> +#endif
>
> if (!capable(CAP_MAC_OVERRIDE))
> rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
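
Review bot: with the new #ifdef in smack_unix_stream_connect(), a
!CONFIG_AUDIT build never initializes ad, yet &ad is still passed to
smk_access() on the line right after the guarded block. Please confirm
that smk_access() does not read the structure when audit is compiled
out. An empty static inline stub for smk_ad_init_net() in the
!CONFIG_AUDIT case would let the two calls stay unconditional and keep
the #ifdef out of the function body.
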
> @@ -2842,11 +2846,14 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
> struct socket_smack *ssp = sock->sk->sk_security;
> struct socket_smack *osp = other->sk->sk_security;
> struct smk_audit_info ad;
> - struct lsm_network_audit net;
> int rc = 0;
>
> +#ifdef CONFIG_AUDIT
> + struct lsm_network_audit net;
> +
> smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
> smk_ad_setfield_u_net_sk(&ad, other->sk);
> +#endif
>
> if (!capable(CAP_MAC_OVERRIDE))
> rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
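
Review bot: in smack_unix_may_send() one #ifdef CONFIG_AUDIT block wraps
both the declaration of net and the two smk_ad_* calls, and it sits
after int rc = 0; and a blank line, so in an audit build the declaration
is split off from the other locals. Placing the guarded declaration next
to struct smk_audit_info ad; and guarding the calls separately (or not
at all, if stubs are provided) would be consistent with the last two
hunks of this patch.
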
> @@ -2993,7 +3000,9 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
> char *csp;
> int rc;
> struct smk_audit_info ad;
> +#ifdef CONFIG_AUDIT
> struct lsm_network_audit net;
> +#endif
> if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
> return 0;
>
> @@ -3156,7 +3165,9 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
> char *sp;
> int rc;
> struct smk_audit_info ad;
> +#ifdef CONFIG_AUDIT
> struct lsm_network_audit net;
> +#endif
>
> /* handle mapped IPv4 packets arriving via IPv6 sockets */
> if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
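
Review bot: the changelog does not say what the compiler reported, which
makes it hard to judge whether guarding just the declaration in
smack_inet_conn_request() is the needed fix or only silences a warning.
Please quote the error in the commit message and reference the commit
that introduced it, so the five separate #ifdef CONFIG_AUDIT blocks this
patch adds can be weighed against a single fix in the audit header.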