Re: [PATCH 0/2] lsm: introduce and use security_mptcp_add_subflow()


 



On Wed, 2022-12-14 at 23:01 +0100, Paolo Abeni wrote:
> This series is an attempt to solve the LSM labeling breakage
> reported here:
> 
> https://lore.kernel.org/linux-security-module/CAHC9VhSQnhH3UL4gqzu+YiA1Q3YyLLCv88gLJOvw-0+uw5Lvkw@xxxxxxxxxxxxxx/
> 
> As per previous discussion, a new LSM hook is introduced and
> invoked by the mptcp code to let LSMs set the appropriate label
> for the newly created subflow.
> 
> I'm not sure the chosen hook name is a perfect fit, any suggestion
> more than welcome.
> The new hook requires both the mptcp socket reference and the
> subflow socket reference, even if the provided LSM implementation
> for selinux ends up accessing only the subflow socket. Possibly
> other LSM implementations could need or use the additional parameter.

I forgot to mention this has been tested vs the reproducer described in
the above link and vs the mptcp self-tests.

Cheers,

Paolo



