Quoting Samir Bellabes (sam@xxxxxxxxx): > this patch creates a entry in folder security/ and adds Kconfig and Makefile > > Signed-off-by: Samir Bellabes <sam@xxxxxxxxx> > --- > security/Kconfig | 1 + > security/Makefile | 2 ++ > security/snet/Kconfig | 22 ++++++++++++++++++++++ > security/snet/Makefile | 13 +++++++++++++ > 4 files changed, 38 insertions(+), 0 deletions(-) > create mode 100644 security/snet/Kconfig > create mode 100644 security/snet/Makefile > > diff --git a/security/Kconfig b/security/Kconfig > index 226b955..48e8fee 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -140,6 +140,7 @@ config LSM_MMAP_MIN_ADDR > source security/selinux/Kconfig > source security/smack/Kconfig > source security/tomoyo/Kconfig > +source security/snet/Kconfig > > source security/integrity/ima/Kconfig > > diff --git a/security/Makefile b/security/Makefile > index bb44e35..0870dd0 100644 > --- a/security/Makefile > +++ b/security/Makefile > @@ -6,6 +6,7 @@ obj-$(CONFIG_KEYS) += keys/ > subdir-$(CONFIG_SECURITY_SELINUX) += selinux > subdir-$(CONFIG_SECURITY_SMACK) += smack > subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo > +subdir-$(CONFIG_SECURITY_SNET) += snet > > # always enable default capabilities > obj-y += commoncap.o min_addr.o > @@ -18,6 +19,7 @@ obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o > obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o > obj-$(CONFIG_AUDIT) += lsm_audit.o > obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o > +obj-$(CONFIG_SECURITY_SNET) += snet/built-in.o > obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o > > # Object integrity file lists > diff --git a/security/snet/Kconfig b/security/snet/Kconfig > new file mode 100644 > index 0000000..e1516a1 > --- /dev/null > +++ b/security/snet/Kconfig > @@ -0,0 +1,22 @@ > +# > +# snet > +# > + > +config SECURITY_SNET > + bool "snet - Security for NETwork syscalls" > + depends on SECURITY_NETWORK && IPV6 Why depend on IPV6? > + default n > + ---help--- > + Provide a generic netlink that reports networking's syscalls > + to userspace And also wait for userspace to decide whether to authorize the syscall, right? 'report on' is very different. > + > +config SECURITY_SNET_DEBUG > + bool "snet debug messages" > + depends on SECURITY_SNET > + ---help--- > + Only use if you are hacking snet. > + > + This toggles the debugging outputs, by setting the parameter snet_debug > + to 0 or 1 at boot. > + > + Just say N > diff --git a/security/snet/Makefile b/security/snet/Makefile > new file mode 100644 > index 0000000..ee6bd83 > --- /dev/null > +++ b/security/snet/Makefile > @@ -0,0 +1,13 @@ > +# > +# Makefile for building the Security Network Events module. > +# > +obj-$(CONFIG_SECURITY_SNET) := snet.o > + > +snet-y := snet_event.o \ > + snet_netlink.o \ > + snet_verdict.o \ > + snet_hooks.o \ > + snet_core.o \ > + snet_utils.o > + > +EXTRA_CFLAGS += -Isecurity/snet/include > -- > 1.6.3.3 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
