This is set of EXPERIMENTAL patches adding lsm support to kdbus. (Rebased on top of v3.17.) >From least to most invasive: - (1) kdbus: extend structures with security pointer for lsm Trivial. Applicable as-is. - (2) security: export security_file_receive for modules (3) kdbus: check if lsm permits installing received fds fd_install doesn't seem to consult LSM, these patches ensure that receiving process has the right to sent fds. Compile-tested only. - (4) security: introduce lsm hooks for kdbus (5) kdbus: make use of new lsm hooks Set of proof-of-concept hooks discussed previously with Paul Moore. kdbus integration patch (5) for review, but unlikely for integration at this stage. Likewise, compile-tested only. Karol Lewandowski (5): kdbus: extend structures with security pointer for lsm security: export security_file_receive for modules kdbus: check if lsm permits installing received fds security: introduce lsm hooks for kdbus kdbus: make use of new lsm hooks drivers/misc/kdbus/bus.c | 10 +++- drivers/misc/kdbus/bus.h | 2 + drivers/misc/kdbus/connection.c | 34 +++++++++++- drivers/misc/kdbus/connection.h | 2 + drivers/misc/kdbus/domain.c | 7 +++ drivers/misc/kdbus/domain.h | 2 + drivers/misc/kdbus/endpoint.c | 11 ++++ drivers/misc/kdbus/names.c | 9 ++++ drivers/misc/kdbus/queue.c | 13 +++++ include/linux/security.h | 114 ++++++++++++++++++++++++++++++++++++++++ security/capability.c | 84 +++++++++++++++++++++++++++++ security/security.c | 85 ++++++++++++++++++++++++++++++ 12 files changed, 371 insertions(+), 2 deletions(-) -- 2.1.1 -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
