From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Samir Bellabes <sam@synack.fr>
Cc: linux-security-module@vger.kernel.org,
Patrick McHardy <kaber@trash.net>, jamal <hadi@cyberus.ca>,
Evgeniy Polyakov <zbr@ioremap.net>,
Neil Horman <nhorman@tuxdriver.com>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [RFC 3/9] snet: introduce security/snet, Makefile and Kconfig changes
Date: Mon, 4 Jan 2010 12:39:43 -0600 [thread overview]
Message-ID: <20100104183943.GB6034@us.ibm.com> (raw)
In-Reply-To: <1262437456-24476-4-git-send-email-sam@synack.fr>
Quoting Samir Bellabes (sam@synack.fr):
> this patch creates a entry in folder security/ and adds Kconfig and Makefile
>
> Signed-off-by: Samir Bellabes <sam@synack.fr>
> ---
> security/Kconfig | 1 +
> security/Makefile | 2 ++
> security/snet/Kconfig | 22 ++++++++++++++++++++++
> security/snet/Makefile | 13 +++++++++++++
> 4 files changed, 38 insertions(+), 0 deletions(-)
> create mode 100644 security/snet/Kconfig
> create mode 100644 security/snet/Makefile
>
> diff --git a/security/Kconfig b/security/Kconfig
> index 226b955..48e8fee 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -140,6 +140,7 @@ config LSM_MMAP_MIN_ADDR
> source security/selinux/Kconfig
> source security/smack/Kconfig
> source security/tomoyo/Kconfig
> +source security/snet/Kconfig
>
> source security/integrity/ima/Kconfig
>
> diff --git a/security/Makefile b/security/Makefile
> index bb44e35..0870dd0 100644
> --- a/security/Makefile
> +++ b/security/Makefile
> @@ -6,6 +6,7 @@ obj-$(CONFIG_KEYS) += keys/
> subdir-$(CONFIG_SECURITY_SELINUX) += selinux
> subdir-$(CONFIG_SECURITY_SMACK) += smack
> subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
> +subdir-$(CONFIG_SECURITY_SNET) += snet
>
> # always enable default capabilities
> obj-y += commoncap.o min_addr.o
> @@ -18,6 +19,7 @@ obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
> obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
> obj-$(CONFIG_AUDIT) += lsm_audit.o
> obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o
> +obj-$(CONFIG_SECURITY_SNET) += snet/built-in.o
> obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
>
> # Object integrity file lists
> diff --git a/security/snet/Kconfig b/security/snet/Kconfig
> new file mode 100644
> index 0000000..e1516a1
> --- /dev/null
> +++ b/security/snet/Kconfig
> @@ -0,0 +1,22 @@
> +#
> +# snet
> +#
> +
> +config SECURITY_SNET
> + bool "snet - Security for NETwork syscalls"
> + depends on SECURITY_NETWORK && IPV6
Why depend on IPV6?
> + default n
> + ---help---
> + Provide a generic netlink that reports networking's syscalls
> + to userspace
And also wait for userspace to decide whether to authorize the
syscall, right? 'report on' is very different.
> +
> +config SECURITY_SNET_DEBUG
> + bool "snet debug messages"
> + depends on SECURITY_SNET
> + ---help---
> + Only use if you are hacking snet.
> +
> + This toggles the debugging outputs, by setting the parameter snet_debug
> + to 0 or 1 at boot.
> +
> + Just say N
> diff --git a/security/snet/Makefile b/security/snet/Makefile
> new file mode 100644
> index 0000000..ee6bd83
> --- /dev/null
> +++ b/security/snet/Makefile
> @@ -0,0 +1,13 @@
> +#
> +# Makefile for building the Security Network Events module.
> +#
> +obj-$(CONFIG_SECURITY_SNET) := snet.o
> +
> +snet-y := snet_event.o \
> + snet_netlink.o \
> + snet_verdict.o \
> + snet_hooks.o \
> + snet_core.o \
> + snet_utils.o
> +
> +EXTRA_CFLAGS += -Isecurity/snet/include
> --
> 1.6.3.3
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-01-04 18:39 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-02 13:04 [RFC 0/9] snet: Security for NETwork syscalls Samir Bellabes
2010-01-02 13:04 ` [RFC 1/9] lsm: add security_socket_closed() Samir Bellabes
2010-01-04 18:33 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 2/9] Revert "lsm: Remove the socket_post_accept() hook" Samir Bellabes
2010-01-04 18:36 ` Serge E. Hallyn
2010-01-05 0:31 ` Tetsuo Handa
2010-01-05 0:38 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 3/9] snet: introduce security/snet, Makefile and Kconfig changes Samir Bellabes
2010-01-04 18:39 ` Serge E. Hallyn [this message]
2010-01-06 6:04 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 4/9] snet: introduce snet_core.c and snet.h Samir Bellabes
2010-01-04 14:43 ` Patrick McHardy
2010-01-06 18:23 ` Samir Bellabes
2010-01-06 19:46 ` Samir Bellabes
2010-01-06 19:58 ` Evgeniy Polyakov
2010-01-23 2:07 ` Samir Bellabes
2010-01-23 2:18 ` Evgeniy Polyakov
2010-01-07 14:34 ` Samir Bellabes
2010-01-07 14:53 ` Samir Bellabes
2010-01-07 14:58 ` Samir Bellabes
2010-01-08 4:32 ` Samir Bellabes
2010-01-04 18:42 ` Serge E. Hallyn
2010-01-06 6:12 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 5/9] snet: introduce snet_event.c and snet_event.h Samir Bellabes
2010-01-02 20:09 ` Evgeniy Polyakov
2010-01-02 23:38 ` Samir Bellabes
2010-01-04 19:08 ` Serge E. Hallyn
2010-01-08 7:21 ` Samir Bellabes
2010-01-08 15:34 ` Serge E. Hallyn
2010-01-08 17:44 ` Samir Bellabes
2010-01-08 17:51 ` Samir Bellabes
2010-01-08 18:10 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 6/9] snet: introduce snet_hooks.c and snet_hook.h Samir Bellabes
2010-01-02 20:13 ` Evgeniy Polyakov
2010-01-03 11:10 ` Samir Bellabes
2010-01-03 19:16 ` Stephen Hemminger
2010-01-03 22:26 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 7/9] snet: introduce snet_netlink.c and snet_netlink.h Samir Bellabes
2010-01-04 15:08 ` Patrick McHardy
2010-01-13 4:19 ` Samir Bellabes
2010-01-13 4:28 ` Samir Bellabes
2010-01-13 5:36 ` Patrick McHardy
2010-01-13 4:36 ` Samir Bellabes
2010-01-13 4:41 ` Samir Bellabes
2010-01-13 6:03 ` Samir Bellabes
2010-01-13 6:20 ` Samir Bellabes
2010-01-15 7:02 ` Samir Bellabes
2010-01-15 9:15 ` Samir Bellabes
2010-01-16 1:59 ` Samir Bellabes
2010-01-17 5:42 ` Samir Bellabes
2010-01-23 19:33 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 8/9] snet: introduce snet_verdict.c and snet_verdict.h Samir Bellabes
2010-01-02 13:04 ` [RFC 9/9] snet: introduce snet_utils.c and snet_utils.h Samir Bellabes
2010-01-03 16:57 ` [RFC 0/9] snet: Security for NETwork syscalls jamal
2010-01-05 7:26 ` Samir Bellabes
2010-01-05 8:20 ` Tetsuo Handa
2010-01-05 14:09 ` Serge E. Hallyn
2010-01-06 0:23 ` [PATCH] LSM: Update comment on security_sock_rcv_skb Tetsuo Handa
2010-01-06 3:27 ` Serge E. Hallyn
2010-01-10 21:53 ` James Morris
2010-01-10 16:20 ` [RFC 0/9] snet: Security for NETwork syscalls jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100104183943.GB6034@us.ibm.com \
--to=serue@us.ibm.com \
--cc=hadi@cyberus.ca \
--cc=kaber@trash.net \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=sam@synack.fr \
--cc=zbr@ioremap.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.