[PATCH net-next 10/12] selinux: add support for RTM_NEWTUNNEL, RTM_DELTUNNEL, and RTM_GETTUNNEL

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Roopa Prabhu <roopa@nvidia.com>
To: <davem@davemloft.net>, <kuba@kernel.org>
Cc: <netdev@vger.kernel.org>, <stephen@networkplumber.org>,
	<nikolay@cumulusnetworks.com>, <idosch@nvidia.com>,
	<dsahern@gmail.com>
Subject: [PATCH net-next 10/12] selinux: add support for RTM_NEWTUNNEL, RTM_DELTUNNEL, and RTM_GETTUNNEL
Date: Sun, 20 Feb 2022 14:04:03 +0000	[thread overview]
Message-ID: <20220220140405.1646839-11-roopa@nvidia.com> (raw)
In-Reply-To: <20220220140405.1646839-1-roopa@nvidia.com>

From: Benjamin Poirier <bpoirier@nvidia.com>

This patch adds newly added RTM_*TUNNEL msgs to nlmsg_route_perms

Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
---
 security/selinux/nlmsgtab.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 94ea2a8b2bb7..6ad3ee02e023 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -91,6 +91,9 @@ static const struct nlmsg_perm nlmsg_route_perms[] =
 	{ RTM_NEWNEXTHOPBUCKET,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
 	{ RTM_DELNEXTHOPBUCKET,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
 	{ RTM_GETNEXTHOPBUCKET,	NETLINK_ROUTE_SOCKET__NLMSG_READ  },
+	{ RTM_NEWTUNNEL,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+	{ RTM_DELTUNNEL,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+	{ RTM_GETTUNNEL,	NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 };
 
 static const struct nlmsg_perm nlmsg_tcpdiag_perms[] =
@@ -176,7 +179,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
 		 * structures at the top of this file with the new mappings
 		 * before updating the BUILD_BUG_ON() macro!
 		 */
-		BUILD_BUG_ON(RTM_MAX != (RTM_NEWNEXTHOPBUCKET + 3));
+		BUILD_BUG_ON(RTM_MAX != (RTM_NEWTUNNEL + 3));
 		err = nlmsg_perm(nlmsg_type, perm, nlmsg_route_perms,
 				 sizeof(nlmsg_route_perms));
 		break;
-- 
2.25.1

next prev parent reply	other threads:[~2022-02-20 14:06 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-20 14:03 [PATCH net-next 00/12] vxlan metadata device vnifiltering support Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 01/12] vxlan: move to its own directory Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 02/12] vxlan_core: move common declarations to private header file Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 03/12] vxlan_core: move some fdb helpers to non-static Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 04/12] vxlan_core: make multicast helper take rip and ifindex explicitly Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 05/12] vxlan_core: add helper vxlan_vni_in_use Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 06/12] rtnetlink: add new rtm tunnel api for tunnel id filtering Roopa Prabhu
2022-02-20 14:29   ` Roopa Prabhu
2022-02-20 14:04 ` [PATCH net-next 07/12] vxlan_multicast: Move multicast helpers to a separate file Roopa Prabhu
2022-02-20 14:04 ` [PATCH net-next 08/12] vxlan: vni filtering support on collect metadata device Roopa Prabhu
2022-02-20 22:24   ` kernel test robot
2022-02-20 14:04 ` [PATCH net-next 09/12] selftests: add new tests for vxlan vnifiltering Roopa Prabhu
2022-02-20 14:04 ` Roopa Prabhu [this message]
2022-02-21  1:47   ` [PATCH net-next 10/12] selinux: add support for RTM_NEWTUNNEL, RTM_DELTUNNEL, and RTM_GETTUNNEL Benjamin Poirier
2022-02-20 14:04 ` [PATCH net-next 11/12] drivers: vxlan: vnifilter: per vni stats Roopa Prabhu
2022-02-21  2:11   ` kernel test robot
2022-02-20 14:04 ` [PATCH net-next 12/12] drivers: vxlan: vnifilter: add support for stats dumping Roopa Prabhu
2022-02-20 14:12   ` Nikolay Aleksandrov
2022-02-20 14:27     ` Roopa Prabhu

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:94ea2a8b2bb dfblob:6ad3ee02e02 )
 OR (
bs:"[PATCH net-next 10/12] selinux: add support for RTM_NEWTUNNEL, RTM_DELTUNNEL, and RTM_GETTUNNEL" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220220140405.1646839-11-roopa@nvidia.com \
    --to=roopa@nvidia.com \
    --cc=davem@davemloft.net \
    --cc=dsahern@gmail.com \
    --cc=idosch@nvidia.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=nikolay@cumulusnetworks.com \
    --cc=stephen@networkplumber.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).