On Fri, Oct 31, 2014 at 05:36:32PM +0100, Karol Lewandowski wrote: > This is set of EXPERIMENTAL patches adding lsm support to kdbus. > (Rebased on top of v3.17.) > > >From least to most invasive: > > - (1) kdbus: extend structures with security pointer for lsm > > Trivial. Applicable as-is. > > - (2) security: export security_file_receive for modules > (3) kdbus: check if lsm permits installing received fds > > fd_install doesn't seem to consult LSM, these patches > ensure that receiving process has the right to sent fds. > > Compile-tested only. > > - (4) security: introduce lsm hooks for kdbus > (5) kdbus: make use of new lsm hooks > > Set of proof-of-concept hooks discussed previously with Paul Moore. > > kdbus integration patch (5) for review, but unlikely for integration > at this stage. > > Likewise, compile-tested only. > > > Karol Lewandowski (5): > kdbus: extend structures with security pointer for lsm > security: export security_file_receive for modules > kdbus: check if lsm permits installing received fds > security: introduce lsm hooks for kdbus > kdbus: make use of new lsm hooks These looks reasonable to me, thanks for sending them. They will need to be refreshed again after this next round of changes, but it shouldn't be that hard to do so. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
