Linux Security Modules development
* [RFC PATCH 0/3] coredump, net: fix layer violation with direct connection
@ 2026-07-03  7:39 John Ericson
  2026-07-03  7:39 ` [RFC PATCH 1/3] af_unix: factor out unix_lookup_bsd_path() John Ericson
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: John Ericson @ 2026-07-03  7:39 UTC
  To: David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni
  Cc: John Ericson, Cong Wang, Kuniyuki Iwashima, Simon Horman,
	Christian Brauner, David Rheinsberg, Andy Lutomirski,
	Sergei Zimmerman, netdev, linux-fsdevel, Mickaël Salaün,
	Günther Noack, Paul Moore, linux-security-module,
	linux-kernel

From: John Ericson <mail@JohnEricson.me>

In https://lore.kernel.org/all/akWxrjOl4Up02Bvq@pop-os.localdomain/ Cong
Wang asked about doing things without new syscalls for my fd-based
connect idea. This got me investigating a few things, all of which I hope to
submit as patches.

This is the first one. I stumbled on `SOCK_COREDUMP` in `af_unix.c`, and
I realized that this was --- right in the part of the kernel I was
already looking at --- an excellent example of something that directly
connecting to a socket could do better. This is not because the
filesystem would never be involved (the interface in procfs still
specifies a path) but because the core dumper wants to resolve that path
differently than the usual way.

The first two commits are refactors that expose/create the necessary
functionality, and then the last commit actually does the untangling of
the unix socket implementation and the core dumper. See especially that
third commit message for details.

I hope this is a compelling use-case for you all, that does not touch
the UABI yet, but also does just the sort of thing that would be nice to
expose with a new syscall.

John

John Ericson (3):
  af_unix: factor out unix_lookup_bsd_path()
  af_unix: factor out kernel_unix_connect_direct()
  coredump, net: remove `SOCK_COREDUMP`

 fs/coredump.c                 |  47 +++--
 include/linux/lsm_hook_defs.h |   3 +-
 include/linux/net.h           |   1 -
 include/linux/security.h      |   4 +-
 include/net/af_unix.h         |   2 +
 net/unix/af_unix.c            | 335 +++++++++++++++++++++++++---------
 security/landlock/fs.c        |   7 +-
 security/security.c           |   5 +-
 8 files changed, 287 insertions(+), 117 deletions(-)

-- 
2.54.0



Thread overview: 7+ messages
2026-07-03  7:39 [RFC PATCH 0/3] coredump, net: fix layer violation with direct connection John Ericson
2026-07-03  7:39 ` [RFC PATCH 1/3] af_unix: factor out unix_lookup_bsd_path() John Ericson
2026-07-03  7:39 ` [RFC PATCH 2/3] af_unix: factor out kernel_unix_connect_direct() John Ericson
2026-07-03  7:39 ` [RFC PATCH 3/3] coredump, net: remove `SOCK_COREDUMP` John Ericson
2026-07-03  8:11   ` Christian Brauner
2026-07-03  9:08     ` John Ericson
2026-07-03  9:31       ` Christian Brauner
