On Apr 20, 2023 Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx> wrote:
>
> MPTCP can create subflows in kernel context, and later indirectly
> expose them to user-space, via the owning MPTCP socket.
>
> As discussed in the reported link, the above causes unexpected failures
> for server, MPTCP-enabled applications.
>
> Let's introduce a new LSM hook to allow the security module to relabel
> the subflow according to the owning user-space process, via the MPTCP
> socket owning the subflow.
>
> Note that the new hook requires both the MPTCP socket and the new
> subflow. This could allow future extensions, e.g. explicitly validating
> the MPTCP <-> subflow linkage.
>
> Link: https://lore.kernel.org/mptcp/CAHC9VhTNh-YwiyTds=P1e3rixEDqbRTFj22bpya=+qJqfcaMfg@xxxxxxxxxxxxxx/
> Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
> Acked-by: Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx>
> Signed-off-by: Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx>
> ---
> v2:
> - Address Paul's comments:
>   - clarification around "the owning process" in the commit message
>   - making it clear the hook has to be called after the sk init part
>   - consistent capitalization of "MPTCP"
> ---
>  include/linux/lsm_hook_defs.h |  1 +
>  include/linux/security.h      |  6 ++++++
>  net/mptcp/subflow.c           |  6 ++++++
>  security/security.c           | 17 +++++++++++++++++
>  4 files changed, 30 insertions(+)

This looks good to me, merged into selinux/next - thank you for all the
work that went into this!

--
paul-moore.com