From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Samir Bellabes <sam@synack.fr>
Cc: linux-security-module@vger.kernel.org,
Patrick McHardy <kaber@trash.net>, jamal <hadi@cyberus.ca>,
Evgeniy Polyakov <zbr@ioremap.net>,
Neil Horman <nhorman@tuxdriver.com>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [RFC 3/9] snet: introduce security/snet, Makefile and Kconfig changes
Date: Mon, 4 Jan 2010 12:39:43 -0600 [thread overview]
Message-ID: <20100104183943.GB6034@us.ibm.com> (raw)
In-Reply-To: <1262437456-24476-4-git-send-email-sam@synack.fr>
Quoting Samir Bellabes (sam@synack.fr):
> this patch creates a entry in folder security/ and adds Kconfig and Makefile
>
> Signed-off-by: Samir Bellabes <sam@synack.fr>
> ---
> security/Kconfig | 1 +
> security/Makefile | 2 ++
> security/snet/Kconfig | 22 ++++++++++++++++++++++
> security/snet/Makefile | 13 +++++++++++++
> 4 files changed, 38 insertions(+), 0 deletions(-)
> create mode 100644 security/snet/Kconfig
> create mode 100644 security/snet/Makefile
>
> diff --git a/security/Kconfig b/security/Kconfig
> index 226b955..48e8fee 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -140,6 +140,7 @@ config LSM_MMAP_MIN_ADDR
> source security/selinux/Kconfig
> source security/smack/Kconfig
> source security/tomoyo/Kconfig
> +source security/snet/Kconfig
>
> source security/integrity/ima/Kconfig
>
> diff --git a/security/Makefile b/security/Makefile
> index bb44e35..0870dd0 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -6,6 +6,7 @@ obj-$(CONFIG_KEYS) += keys/
> subdir-$(CONFIG_SECURITY_SELINUX) += selinux
> subdir-$(CONFIG_SECURITY_SMACK) += smack
> subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
> +subdir-$(CONFIG_SECURITY_SNET) += snet
>
> # always enable default capabilities
> obj-y += commoncap.o min_addr.o
> @@ -18,6 +19,7 @@ obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
> obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
> obj-$(CONFIG_AUDIT) += lsm_audit.o
> obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
> +obj-$(CONFIG_SECURITY_SNET) += snet/built-in.o
> obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
>
> # Object integrity file lists
> diff --git a/security/snet/Kconfig b/security/snet/Kconfig
> new file mode 100644
> index 0000000..e1516a1
> --- /dev/null
> +++ b/security/snet/Kconfig
> @@ -0,0 +1,22 @@
> +#
> +# snet
> +#
> +
> +config SECURITY_SNET
> + bool "snet - Security for NETwork syscalls"
> + depends on SECURITY_NETWORK && IPV6
Why depend on IPV6?
> + default n
> + ---help---
> + Provide a generic netlink that reports networking's syscalls
> + to userspace
And also wait for userspace to decide whether to authorize the
syscall, right? 'report on' is very different.
> +
> +config SECURITY_SNET_DEBUG
> + bool "snet debug messages"
> + depends on SECURITY_SNET
> + ---help---
> + Only use if you are hacking snet.
> +
> + This toggles the debugging outputs, by setting the parameter snet_debug
> + to 0 or 1 at boot.
> +
> + Just say N
> diff --git a/security/snet/Makefile b/security/snet/Makefile
> new file mode 100644
> index 0000000..ee6bd83
> --- /dev/null
> +++ b/security/snet/Makefile
> @@ -0,0 +1,13 @@
> +#
> +# Makefile for building the Security Network Events module.
> +#
> +obj-$(CONFIG_SECURITY_SNET) := snet.o
> +
> +snet-y := snet_event.o \
> + snet_netlink.o \
> + snet_verdict.o \
> + snet_hooks.o \
> + snet_core.o \
> + snet_utils.o
> +
> +EXTRA_CFLAGS += -Isecurity/snet/include
> --
> 1.6.3.3
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-01-04 18:39 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-02 13:04 [RFC 0/9] snet: Security for NETwork syscalls Samir Bellabes
2010-01-02 13:04 ` [RFC 1/9] lsm: add security_socket_closed() Samir Bellabes
2010-01-04 18:33 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 2/9] Revert "lsm: Remove the socket_post_accept() hook" Samir Bellabes
2010-01-04 18:36 ` Serge E. Hallyn
2010-01-05 0:31 ` Tetsuo Handa
2010-01-05 0:38 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 3/9] snet: introduce security/snet, Makefile and Kconfig changes Samir Bellabes
2010-01-04 18:39 ` Serge E. Hallyn [this message]
2010-01-06 6:04 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 4/9] snet: introduce snet_core.c and snet.h Samir Bellabes
2010-01-04 14:43 ` Patrick McHardy
2010-01-06 18:23 ` Samir Bellabes
2010-01-06 19:46 ` Samir Bellabes
2010-01-06 19:58 ` Evgeniy Polyakov
2010-01-23 2:07 ` Samir Bellabes
2010-01-23 2:18 ` Evgeniy Polyakov
2010-01-07 14:34 ` Samir Bellabes
2010-01-07 14:53 ` Samir Bellabes
2010-01-07 14:58 ` Samir Bellabes
2010-01-08 4:32 ` Samir Bellabes
2010-01-04 18:42 ` Serge E. Hallyn
2010-01-06 6:12 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 5/9] snet: introduce snet_event.c and snet_event.h Samir Bellabes
2010-01-02 20:09 ` Evgeniy Polyakov
2010-01-02 23:38 ` Samir Bellabes
2010-01-04 19:08 ` Serge E. Hallyn
2010-01-08 7:21 ` Samir Bellabes
2010-01-08 15:34 ` Serge E. Hallyn
2010-01-08 17:44 ` Samir Bellabes
2010-01-08 17:51 ` Samir Bellabes
2010-01-08 18:10 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 6/9] snet: introduce snet_hooks.c and snet_hook.h Samir Bellabes
2010-01-02 20:13 ` Evgeniy Polyakov
2010-01-03 11:10 ` Samir Bellabes
2010-01-03 19:16 ` Stephen Hemminger
2010-01-03 22:26 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 7/9] snet: introduce snet_netlink.c and snet_netlink.h Samir Bellabes
2010-01-04 15:08 ` Patrick McHardy
2010-01-13 4:19 ` Samir Bellabes
2010-01-13 4:28 ` Samir Bellabes
2010-01-13 5:36 ` Patrick McHardy
2010-01-13 4:36 ` Samir Bellabes
2010-01-13 4:41 ` Samir Bellabes
2010-01-13 6:03 ` Samir Bellabes
2010-01-13 6:20 ` Samir Bellabes
2010-01-15 7:02 ` Samir Bellabes
2010-01-15 9:15 ` Samir Bellabes
2010-01-16 1:59 ` Samir Bellabes
2010-01-17 5:42 ` Samir Bellabes
2010-01-23 19:33 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 8/9] snet: introduce snet_verdict.c and snet_verdict.h Samir Bellabes
2010-01-02 13:04 ` [RFC 9/9] snet: introduce snet_utils.c and snet_utils.h Samir Bellabes
2010-01-03 16:57 ` [RFC 0/9] snet: Security for NETwork syscalls jamal
2010-01-05 7:26 ` Samir Bellabes
2010-01-05 8:20 ` Tetsuo Handa
2010-01-05 14:09 ` Serge E. Hallyn
2010-01-06 0:23 ` [PATCH] LSM: Update comment on security_sock_rcv_skb Tetsuo Handa
2010-01-06 3:27 ` Serge E. Hallyn
2010-01-10 21:53 ` James Morris
2010-01-10 16:20 ` [RFC 0/9] snet: Security for NETwork syscalls jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100104183943.GB6034@us.ibm.com \
--to=serue@us.ibm.com \
--cc=hadi@cyberus.ca \
--cc=kaber@trash.net \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=sam@synack.fr \
--cc=zbr@ioremap.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).