From: Paul Moore <pmoore@redhat.com>
To: linux-security-module@vger.kernel.org
Cc: linux-audit@redhat.com, selinux@tycho.nsa.gov
Subject: [RFC PATCH v2 0/5] kdbus LSM/SELinux hooks
Date: Mon, 05 Oct 2015 16:41:06 -0400 [thread overview]
Message-ID: <20151005203358.32023.88592.stgit@localhost> (raw)
I got a little distracted with some other tasks so it has taken me a
bit longer than I had hoped to get v2 of this patchset out, but
better late than never they say ...
This revision incorporates all of Stephen's comments and adds support
for auditing kdbus service names; see each patch's changelog for more
details. Please take a look and comment, I'm especially interested
to hear what people have to say about the kdbusfs labeling, right now
it is very barebones, and I'm not sure if we want to support more
options (transitions, etc.).
Also, Smack folks, it would be great if I heard something from you
guys about the viability of these hooks for Smack.
---
Paul Moore (5):
kdbus: add creator credentials to the endpoints
lsm: introduce hooks for kdbus
lsm: add support for auditing kdbus service names
selinux: introduce kdbus names into the policy
selinux: introduce kdbus access controls
include/linux/lsm_audit.h | 2
include/linux/security.h | 126 +++++++++++++++++++++++++++++
ipc/kdbus/bus.c | 13 +--
ipc/kdbus/connection.c | 73 +++++++++++------
ipc/kdbus/endpoint.c | 14 +--
ipc/kdbus/endpoint.h | 3 -
ipc/kdbus/fs.c | 10 ++
ipc/kdbus/message.c | 19 +++-
ipc/kdbus/metadata.c | 6 -
ipc/kdbus/node.c | 11 +--
ipc/kdbus/node.h | 5 +
security/lsm_audit.c | 4 +
security/security.c | 50 ++++++++++++
security/selinux/hooks.c | 152 +++++++++++++++++++++++++++++++++++
security/selinux/include/classmap.h | 4 +
security/selinux/include/security.h | 5 +
security/selinux/ss/policydb.c | 88 +++++++++++++++++---
security/selinux/ss/policydb.h | 3 -
security/selinux/ss/services.c | 38 +++++++++
19 files changed, 540 insertions(+), 86 deletions(-)
next reply other threads:[~2015-10-05 20:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-05 20:41 Paul Moore [this message]
2015-10-05 20:41 ` [RFC PATCH v2 1/5] kdbus: add creator credentials to the endpoints Paul Moore
2015-10-05 20:41 ` [RFC PATCH v2 2/5] lsm: introduce hooks for kdbus Paul Moore
2015-10-05 20:41 ` [RFC PATCH v2 3/5] lsm: add support for auditing kdbus service names Paul Moore
2015-10-05 20:41 ` [RFC PATCH v2 4/5] selinux: introduce kdbus names into the policy Paul Moore
2015-10-05 20:41 ` [RFC PATCH v2 5/5] selinux: introduce kdbus access controls Paul Moore
2015-10-06 18:55 ` Nicolas Iooss
2015-10-06 22:20 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151005203358.32023.88592.stgit@localhost \
--to=pmoore@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).