On 6/18/2019 10:50 PM, Kees Cook wrote: > On Tue, Jun 18, 2019 at 04:05:50PM -0700, Casey Schaufler wrote: >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > Was this supposed to be folded into patch 4? The first hunk, yes. I'll do that in the next revision. The second hunk I'm still debating whether this is the right change, or whether the AppArmor socket_getpeersec_dgram stub hook should just be deleted. > -Kees > >> --- >> security/security.c | 6 +++++- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/security/security.c b/security/security.c >> index 5a23ccec7c7b..8aca43ab3e81 100644 >> --- a/security/security.c >> +++ b/security/security.c >> @@ -461,6 +461,8 @@ int __init security_add_hooks(struct security_hook_list *hooks, int count, >> hooks[i].head == &security_hook_heads.kernel_act_as || >> hooks[i].head == >> &security_hook_heads.socket_getpeersec_dgram || >> + hooks[i].head == &security_hook_heads.getprocattr || >> + hooks[i].head == &security_hook_heads.setprocattr || >> hooks[i].head == &security_hook_heads.secctx_to_secid || >> hooks[i].head == &security_hook_heads.release_secctx || >> hooks[i].head == &security_hook_heads.ipc_getsecid || >> @@ -2269,7 +2271,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, >> list) { >> rc = hp->hook.socket_getpeersec_dgram(sock, skb, >> &l->secid[hp->slot]); >> - if (rc != 0) >> + if (rc == -ENOPROTOOPT) >> + rc = 0; >> + else if (rc != 0) >> break; >> } >> return rc; >> -- >> 2.20.1 >>
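Review bot: in the first hunk (security_add_hooks, @@ -461), the two new comparisons against security_hook_heads.getprocattr and security_hook_heads.setprocattr arrive with no changelog text, only a Signed-off-by, so nothing records why these two hooks belong in this list. Add a sentence to the commit message, or fold the hunk into the patch that introduced the list so that patch's explanation covers them. The chain of `hooks[i].head == &security_hook_heads.X ||` tests is also easy to leave incomplete, as this follow-up shows; a small table of hook heads checked in a loop would keep each later addition to one line in one place.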
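Review bot: in the second hunk (security_socket_getpeersec_dgram, @@ -2269), rewriting rc from -ENOPROTOOPT to 0 means that when every hook called returns -ENOPROTOOPT the function returns 0, and the caller cannot tell that no module supplied a peer secid. Nothing in the hunk sets l->secid[hp->slot] for a module that declined, so a caller acting on a 0 return would read whatever that slot held before the call. Consider tracking whether any hook returned 0 and returning -ENOPROTOOPT when none did, and add a comment above `if (rc == -ENOPROTOOPT)` saying why this one error is treated as "no answer from this module" rather than a failure.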