From: Justin Suess <utilityemal77@gmail.com>
To: Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
Kuniyuki Iwashima <kuniyu@google.com>
Cc: "Simon Horman" <horms@kernel.org>,
"Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
linux-security-module@vger.kernel.org,
"Tingmao Wang" <m@maowtm.org>,
netdev@vger.kernel.org, "Justin Suess" <utilityemal77@gmail.com>
Subject: [RFC PATCH 0/1] lsm: Add hook unix_path_connect
Date: Wed, 31 Dec 2025 16:33:13 -0500
Message-ID: <20251231213314.2979118-1-utilityemal77@gmail.com>
Hi,
This patch introduces a new LSM hook unix_path_connect.
The idea for this patch and the hook came from Günther Noack, who
is cc'd. Much credit to him for the idea and discussion.
This patch is based on the lsm next branch.
Motivation
---
For AF_UNIX sockets bound to a filesystem path (aka named sockets), one
identifying object from a policy perspective is the path passed to
connect(2). However, this operation currently restricts LSMs that rely
on VFS-based mediation, because the pathname resolved during connect()
is not preserved in a form visible to existing hooks before connection
establishment. As a result, LSMs such as Landlock cannot currently
restrict connections to named UNIX domain sockets by their VFS path.
This gap has been discussed previously (e.g. in the context of Landlock's
path-based access controls). [1] [2]
I've cc'd the netdev folks as well on this, as the placement of this hook is
important and in a core unix socket function.
Design Choices
---
The hook is called in net/unix/af_unix.c in the function unix_find_bsd().
The hook takes a single parameter, a const struct path* to the named unix
socket to which the connection is being established.
The hook takes place after normal permission checks, and after the
inode is determined to be a socket. It does, however, take place before
the socket is actually connected to.
If the hook returns non-zero, it will do a put on the path and return.
References
---
[1]: https://github.com/landlock-lsm/linux/issues/36#issue-2354007438
[2]: https://lore.kernel.org/linux-security-module/cover.1767115163.git.m@maowtm.org/
Kind Regards,
Justin Suess
Justin Suess (1):
lsm: Add hook unix_path_connect
include/linux/lsm_hook_defs.h | 1 +
include/linux/security.h | 6 ++++++
net/unix/af_unix.c | 8 ++++++++
security/security.c | 16 ++++++++++++++++
4 files changed, 31 insertions(+)
base-commit: 1c0860d4415d52f3ad1c8e0a15c1272869278a06
--
2.51.0
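As an added user-space example (not part of this patch or of the kernel code it touches), the program below drives connect(2) on AF_UNIX stream sockets so that the stages the cover letter places the hook between can be observed from outside the kernel: a path that does not resolve fails with ENOENT, a path that resolves to a regular file fails with ECONNREFUSED once the inode is found not to be a socket, and a path to a listening named socket connects. By the placement described above, the new hook would fire between the second and third outcome, so a policy denial would reach the caller as the hook's return value at that point. All paths under /tmp are constructed for the demo; the ordering of the kernel checks is taken from the description above, not verified against the patch here.

```c
/*
 * Added example: user-space driver for the connect(2) stages that
 * unix_find_bsd() walks through. Not part of the patch. The socket and
 * file paths under /tmp are constructed for the demo.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Fill an AF_UNIX address; returns 0 or -ENAMETOOLONG. */
static int unix_addr(struct sockaddr_un *addr, const char *path)
{
	if (strlen(path) >= sizeof(addr->sun_path))
		return -ENAMETOOLONG;
	memset(addr, 0, sizeof(*addr));
	addr->sun_family = AF_UNIX;
	strcpy(addr->sun_path, path);
	return 0;
}

/* Bind and listen on a named (filesystem-path) socket.
 * Returns the listening fd, or -errno. */
int named_socket_listen(const char *path)
{
	struct sockaddr_un addr;
	int fd, err = unix_addr(&addr, path);

	if (err)
		return err;
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -errno;
	unlink(path);	/* drop a stale socket file from an earlier run */
	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
	    listen(fd, 1) < 0) {
		err = -errno;
		close(fd);
		return err;
	}
	return fd;
}

/* connect(2) a fresh stream socket to `path`; returns 0 or -errno.
 * The errno says which stage of the kernel's lookup rejected it:
 * ENOENT from the path walk, EACCES from the write-permission check
 * (DAC, so not seen when running as root), ECONNREFUSED once the inode
 * is found not to be a socket or no listener is bound to it. */
int named_socket_connect(const char *path)
{
	struct sockaddr_un addr;
	int fd, ret = unix_addr(&addr, path);

	if (ret)
		return ret;
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -errno;
	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
		ret = -errno;
	close(fd);
	return ret;
}

/* Create a regular, writable file so that a connect(2) to it passes the
 * path walk and permission check but fails the S_ISSOCK test. */
int make_regular_file(const char *path)
{
	int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);

	if (fd < 0)
		return -errno;
	close(fd);
	return 0;
}

/* Listen on `path`, connect to it, tear down; returns the connect result. */
int named_socket_roundtrip(const char *path)
{
	int lfd = named_socket_listen(path), ret;

	if (lfd < 0)
		return lfd;
	ret = named_socket_connect(path);
	close(lfd);
	unlink(path);
	return ret;
}

int main(void)
{
	const char *sock = "/tmp/unix_path_connect_demo.sock";    /* constructed */
	const char *file = "/tmp/unix_path_connect_demo.file";    /* constructed */
	const char *none = "/tmp/unix_path_connect_demo.missing"; /* constructed */

	printf("missing path : %s\n", strerror(-named_socket_connect(none)));
	make_regular_file(file);
	printf("regular file : %s\n", strerror(-named_socket_connect(file)));
	unlink(file);
	printf("named socket : %s\n", strerror(-named_socket_roundtrip(sock)));
	return 0;
}
```

Run as an unprivileged user and a socket file with mode 0600 owned by someone else additionally shows the EACCES case, which comes from the VFS permission check and would therefore be reported before the proposed hook is ever consulted.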
Thread overview: 8+ messages
2025-12-31 21:33 Justin Suess [this message]
2025-12-31 21:33 ` [RFC PATCH 1/1] lsm: Add hook unix_path_connect Justin Suess
2026-01-01 12:13 ` Günther Noack
2026-01-01 19:45 ` [RFC PATCH 0/1] " Justin Suess
2026-01-01 23:11 ` Tingmao Wang
2026-01-01 23:40 ` Justin Suess
2026-01-01 9:46 ` [syzbot ci] " syzbot ci
2026-01-01 11:56 ` [RFC PATCH 0/1] " Günther Noack