* [RFC v2 PATCH 0/2] kernel: Add SELinux SCTP protocol support
From: Richard Haines @ 2017-02-22 17:02 UTC
  To: selinux, linux-sctp, linux-security-module

This patch has been tested on Fedora 25 with kernel 4.9.9 using
the targeted policy. It therefore does not require the
"support distinctions among all network address families" [1] kernel
patch.

V2 Changes:
1) All comments in [2], [3] and [4] should now be resolved.
2) After discussions with Marcelo (thanks very much for your help),
   the permissions have been simplified and support added for ASCONF
   chunk processing.
3) The SCTP SELinux code has been moved into hooks.c
4) There are support patches listed in PATCH 2/2 for the new
   sctp portcon statement and sctp tests for the selinux-testsuite.

ToDo:
1) Add code to support a policy capability or utilise the
"extended_socket_class" [1] depending on how this patch progresses.
2) Produce refpolicy updates.

[1] http://marc.info/?l=selinux&m=148103642804873&w=2
[2] http://marc.info/?l=linux-sctp&m=148173536525998&w=2
[3] http://marc.info/?l=linux-sctp&m=148174029127754&w=2
[4] http://marc.info/?l=selinux&m=148233701411363&w=2

Richard Haines (2):
  kernel: Add LSM hooks for SCTP support
  kernel: Add SELinux SCTP protocol support

 Documentation/security/LSM-sctp.txt     | 171 +++++++++++++++++++++++++
 Documentation/security/SELinux-sctp.txt | 178 ++++++++++++++++++++++++++
 include/linux/lsm_hooks.h               |  37 ++++++
 include/linux/security.h                |  33 +++++
 include/net/sctp/structs.h              |   7 ++
 net/sctp/sm_make_chunk.c                |  12 ++
 net/sctp/sm_statefuns.c                 |  20 +++
 net/sctp/socket.c                       |  42 ++++++-
 security/security.c                     |  34 +++++
 security/selinux/hooks.c                | 213 ++++++++++++++++++++++++++++++--
 security/selinux/include/classmap.h     |   3 +
 11 files changed, 741 insertions(+), 9 deletions(-)
 create mode 100644 Documentation/security/LSM-sctp.txt
 create mode 100644 Documentation/security/SELinux-sctp.txt

-- 
2.9.3

