From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Osmialowski <p.osmialowsk@samsung.com>,
	Paul Moore <pmoore@redhat.com>,
	James Morris <james.l.morris@oracle.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Kees Cook <keescook@chromium.org>,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
	Stephen Smalley <sds@tycho.nsa.gov>, Neil Brown <neilb@suse.de>,
	Mark Rustad <mark.d.rustad@intel.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Daniel Mack <daniel@zonque.org>,
	David Herrmann <dh.herrmann@googlemail.com>,
	Djalal Harouni <tixxdz@opendz.org>,
	Shuah Khan <shuahkh@osg.samsung.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-api@vger.kernel.org
Cc: Karol Lewandowski <k.lewandowsk@samsung.com>,
	Lukasz Skalski <l.skalski@samsung.com>
Subject: Re: [RFC 0/8] Introduce LSM to KDBUS
Date: Wed, 08 Jul 2015 09:46:50 -0700
Message-ID: <559D53FA.10001@schaufler-ca.com>
In-Reply-To: <1436351110-5902-1-git-send-email-p.osmialowsk@samsung.com>

On 7/8/2015 3:25 AM, Paul Osmialowski wrote:
> This patchset partially summarizes the effects of collective work by
> Karol Lewandowski and Paul Moore towards the introduction of LSM into KDBUS.
>
> These patches originate from the following git repositories:
>
> git://git.infradead.org/users/pcmoore/selinux (branch: working-kdbus)
>
> https://github.com/lmctl/linux.git (branch: kdbus-lsm-v4.for-systemd-v212)
>
> https://github.com/lmctl/kdbus.git (branch: kdbus-lsm-v4.for-systemd-v212)
>
> Since kdbus made its way to the linux-next tree, I was kindly asked by
> Karol Lewandowski to fit his work into the current kdbus code existing
> there.
>
> As both kdbus and the security-related code changed a bit, my changes
> are quite substantial in places.
>
> Note that SELinux kdbus access control patches are absent - only the SMACK
> part of the original work is included.

Patches 2 and 3 need to be reversed. You can't add the Smack hooks
until you've added the infrastructure for them.

My comments should in no way be construed as an endorsement of kdbus.

>
> I've also made some changes to the kdbus test suite. In order to see LSM hooks
> in action we need to be able to run tests from different executable
> binaries holding different security labels.
>
> Therefore I added the ability to select execution of a particular test by
> executed binary name. This is essential for running the newly added 'send'
> test, which should communicate with the 'daemon' test running in another process.
>
> Karol Lewandowski (1):
>   lsm: make security_file_receive available for external modules
>
> Paul Osmialowski (7):
>   lsm: smack: Make ipc/kdbus includes visible so smack callbacks could
>     see them
>   lsm: kdbus security hooks
>   lsm: smack: smack callbacks for kdbus security hooks
>   kdbus: use LSM hooks in kdbus code
>   kdbus: TEST_CREATE_CONN now does no depend on TEST_CREATE_BUS
>   kdbus: selftests extended
>   kdbus: Ability to run kdbus test by executable binary name
>
>  include/linux/lsm_hooks.h                        |  67 +++++++++++++
>  include/linux/security.h                         |  99 +++++++++++++++++++
>  ipc/kdbus/bus.c                                  |  12 ++-
>  ipc/kdbus/bus.h                                  |   3 +
>  ipc/kdbus/connection.c                           |  54 +++++++++++
>  ipc/kdbus/connection.h                           |   4 +
>  ipc/kdbus/domain.c                               |   9 +-
>  ipc/kdbus/domain.h                               |   2 +
>  ipc/kdbus/endpoint.c                             |  11 +++
>  ipc/kdbus/names.c                                |  11 +++
>  ipc/kdbus/queue.c                                |  30 ++++--
>  security/security.c                              | 118 +++++++++++++++++++++++
>  security/smack/Makefile                          |   2 +
>  security/smack/smack_lsm.c                       |  68 +++++++++++++
>  tools/testing/selftests/kdbus/Makefile           |   1 +
>  tools/testing/selftests/kdbus/kdbus-test.c       |  37 ++++++-
>  tools/testing/selftests/kdbus/kdbus-test.h       |   1 +
>  tools/testing/selftests/kdbus/kdbus-util.c       |  37 ++++---
>  tools/testing/selftests/kdbus/kdbus-util.h       |   2 +-
>  tools/testing/selftests/kdbus/test-activator.c   |  20 ++--
>  tools/testing/selftests/kdbus/test-chat.c        |   6 +-
>  tools/testing/selftests/kdbus/test-connection.c  |   8 +-
>  tools/testing/selftests/kdbus/test-fd.c          |   2 +-
>  tools/testing/selftests/kdbus/test-message.c     |  69 ++++++++-----
>  tools/testing/selftests/kdbus/test-metadata-ns.c |  10 +-
>  tools/testing/selftests/kdbus/test-monitor.c     |   9 +-
>  tools/testing/selftests/kdbus/test-policy-ns.c   |   8 +-
>  tools/testing/selftests/kdbus/test-policy-priv.c |  48 +++++----
>  tools/testing/selftests/kdbus/test-send.c        |  84 ++++++++++++++++
>  tools/testing/selftests/kdbus/test-sync.c        |   2 +-
>  tools/testing/selftests/kdbus/test-timeout.c     |   2 +-
>  31 files changed, 732 insertions(+), 104 deletions(-)
>  create mode 100644 tools/testing/selftests/kdbus/test-send.c
>
