* [PATCH net-next 0/5] selinux: add some missing nlmsg commands
@ 2015-04-08 16:36 Nicolas Dichtel
  2015-04-08 16:36 ` [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID Nicolas Dichtel
                   ` (5 more replies)
  0 siblings, 6 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
  To: davem; +Cc: netdev, linux-security-module, linux-kernel


It's not a critical issue, thus the patches are based on net-next.

Patches are split because the 'Fixes' tag is not the same for all commands.

 security/selinux/nlmsgtab.c | 7 +++++++
 1 file changed, 7 insertions(+)

Regards,
Nicolas



* [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID
  2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
  2015-04-08 16:36 ` [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID Nicolas Dichtel
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
  To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel

These new commands are missing.

Fixes: 0c7aecd4bde4 ("netns: add rtnl cmd to add and get peer netns ids")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 2df7b900e259..91228a730801 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -73,6 +73,8 @@ static struct nlmsg_perm nlmsg_route_perms[] =
 	{ RTM_NEWMDB,		NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
 	{ RTM_DELMDB,		NETLINK_ROUTE_SOCKET__NLMSG_WRITE  },
 	{ RTM_GETMDB,		NETLINK_ROUTE_SOCKET__NLMSG_READ  },
+	{ RTM_NEWNSID,		NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+	{ RTM_GETNSID,		NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 };
 
 static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
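Review bot: nothing in this hunk stops nlmsg_route_perms[] from drifting again: the two rows are appended by hand after RTM_GETMDB, and the Fixes tag indicates RTM_NEWNSID and RTM_GETNSID were introduced without them. Consider adding a compile-time check next to the table lookup that fails when the highest rtnetlink message type changes, so that whoever adds the next RTM_* command is forced to choose NLMSG_READ or NLMSG_WRITE here.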
-- 
2.2.2



* [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
  2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
  2015-04-08 16:36 ` [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
  2015-04-09 11:10   ` Paul Moore
  2015-04-08 16:36 ` [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO Nicolas Dichtel
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
  To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel

This new command is missing.

Fixes: 9a9634545c70 ("netns: notify netns id events")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 91228a730801..c8cee0766b60 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
 	{ RTM_DELMDB,		NETLINK_ROUTE_SOCKET__NLMSG_WRITE  },
 	{ RTM_GETMDB,		NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 	{ RTM_NEWNSID,		NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+	{ RTM_DELNSID,		NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 	{ RTM_GETNSID,		NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 };
 
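Review bot: the added row maps RTM_DELNSID to NETLINK_ROUTE_SOCKET__NLMSG_READ, while the other DEL row in the context, RTM_DELMDB, is NLMSG_WRITE, and neither the commit message nor a comment says why this one differs. If the type is only ever sent by the kernel as a notification, say so in the commit message or in a short comment on the row; otherwise it should be NLMSG_WRITE. The subject line also names RTM_GETNSID, but the command added here is RTM_DELNSID (RTM_GETNSID is already present as context), so the subject should be corrected.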
-- 
2.2.2



* [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO
  2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
  2015-04-08 16:36 ` [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID Nicolas Dichtel
  2015-04-08 16:36 ` [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
  2015-04-09 12:32   ` Stephen Smalley
  2015-04-08 16:36 ` [PATCH net-next 4/5] selinux/nlmsg: add XFRM_MSG_GETSPDINFO Nicolas Dichtel
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
  To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel

This new command is missing.

Fixes: 880a6fab8f6b ("xfrm: configure policy hash table thresholds by netlink")
Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index c8cee0766b60..4bc90c2aaea2 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -103,6 +103,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
 	{ XFRM_MSG_FLUSHPOLICY,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_NEWAE,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_GETAE,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
+	{ XFRM_MSG_NEWSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 };
 
 static struct nlmsg_perm nlmsg_audit_perms[] =
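Review bot: the commit message carries a Reported-by but only says "This new command is missing", so the failure the reporter hit with XFRM_MSG_NEWSPDINFO is not recorded. Please describe the observed behaviour (which operation failed, and in which SELinux mode) and add one sentence on why the row is NLMSG_WRITE; the title of the commit in the Fixes tag suggests the command configures hash table thresholds, which would justify it.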
-- 
2.2.2



* [PATCH net-next 4/5] selinux/nlmsg: add XFRM_MSG_GETSPDINFO
  2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
                   ` (2 preceding siblings ...)
  2015-04-08 16:36 ` [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
  2015-04-08 16:36 ` [PATCH net-next 5/5] selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO Nicolas Dichtel
  2015-04-08 19:19 ` [PATCH net-next 0/5] selinux: add some missing nlmsg commands David Miller
  5 siblings, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
  To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel

This command is missing.

Fixes: ecfd6b183780 ("[XFRM]: Export SPD info")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 4bc90c2aaea2..d4bccfcfcf2d 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -104,6 +104,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
 	{ XFRM_MSG_NEWAE,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_GETAE,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_NEWSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
+	{ XFRM_MSG_GETSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 };
 
 static struct nlmsg_perm nlmsg_audit_perms[] =
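Review bot: the context of this hunk includes the XFRM_MSG_NEWSPDINFO row that patch 3/5 adds, so the patch cannot be applied without 3/5 even though its Fixes tag points at a different commit (ecfd6b183780). The cover letter splits the series by Fixes tag; if the intent is that each fix can be picked up on its own, place the XFRM_MSG_GETSPDINFO row so that the hunk does not rely on rows added earlier in the series, or note the dependency on 3/5 in the commit message.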
-- 
2.2.2



* [PATCH net-next 5/5] selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO
  2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
                   ` (3 preceding siblings ...)
  2015-04-08 16:36 ` [PATCH net-next 4/5] selinux/nlmsg: add XFRM_MSG_GETSPDINFO Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
  2015-04-08 19:19 ` [PATCH net-next 0/5] selinux: add some missing nlmsg commands David Miller
  5 siblings, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
  To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel

These commands are missing.

Fixes: 28d8909bc790 ("[XFRM]: Export SAD info.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index d4bccfcfcf2d..4e21b72dd709 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -103,6 +103,8 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
 	{ XFRM_MSG_FLUSHPOLICY,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_NEWAE,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_GETAE,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
+	{ XFRM_MSG_NEWSADINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
+	{ XFRM_MSG_GETSADINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_NEWSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_GETSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 };
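Review bot: XFRM_MSG_NEWSADINFO is mapped to NETLINK_XFRM_SOCKET__NLMSG_READ, but the XFRM_MSG_NEWSPDINFO row two lines below it and the XFRM_MSG_NEWAE row above are both NLMSG_WRITE, and the commit message does not explain the difference. If NEWSADINFO is only emitted by the kernel in answer to XFRM_MSG_GETSADINFO, state that in the commit message or in a comment on the row; if userspace can send it to change state, it needs NLMSG_WRITE.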
-- 
2.2.2



* Re: [PATCH net-next 0/5] selinux: add some missing nlmsg commands
  2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
                   ` (4 preceding siblings ...)
  2015-04-08 16:36 ` [PATCH net-next 5/5] selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO Nicolas Dichtel
@ 2015-04-08 19:19 ` David Miller
  5 siblings, 0 replies; 19+ messages in thread
From: David Miller @ 2015-04-08 19:19 UTC (permalink / raw)
  To: nicolas.dichtel; +Cc: netdev, linux-security-module, linux-kernel

From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Wed,  8 Apr 2015 18:36:37 +0200

> It's not a critical issue, thus the patches are based on net-next.
> 
> Patches are split because the 'Fixes' tag is not the same for all
> commands.

Series applied, thanks Nicolas.


* Re: [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
  2015-04-08 16:36 ` [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID Nicolas Dichtel
@ 2015-04-09 11:10   ` Paul Moore
  2015-04-09 13:10       ` Nicolas Dichtel
  0 siblings, 1 reply; 19+ messages in thread
From: Paul Moore @ 2015-04-09 11:10 UTC (permalink / raw)
  To: Nicolas Dichtel; +Cc: davem, netdev, linux-security-module, linux-kernel

On Wed, Apr 8, 2015 at 12:36 PM, Nicolas Dichtel
<nicolas.dichtel@6wind.com> wrote:
> This new command is missing.
>
> Fixes: 9a9634545c70 ("netns: notify netns id events")
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> ---
>  security/selinux/nlmsgtab.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
> index 91228a730801..c8cee0766b60 100644
> --- a/security/selinux/nlmsgtab.c
> +++ b/security/selinux/nlmsgtab.c
> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
>         { RTM_DELMDB,           NETLINK_ROUTE_SOCKET__NLMSG_WRITE  },
>         { RTM_GETMDB,           NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>         { RTM_NEWNSID,          NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
> +       { RTM_DELNSID,          NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>         { RTM_GETNSID,          NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>  };

Can you elaborate a bit on the RTM_DELNSID type?  Based only on the
name I wonder if it should be treated as a "write" and not a "read"
operation.

-- 
paul moore
www.paul-moore.com


* Re: [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO
  2015-04-08 16:36 ` [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO Nicolas Dichtel
@ 2015-04-09 12:32   ` Stephen Smalley
  2015-04-09 13:11     ` Nicolas Dichtel
  2015-04-10 14:24     ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
  0 siblings, 2 replies; 19+ messages in thread
From: Stephen Smalley @ 2015-04-09 12:32 UTC (permalink / raw)
  To: Nicolas Dichtel, davem
  Cc: netdev, linux-security-module, linux-kernel, Paul Moore

On 04/08/2015 12:36 PM, Nicolas Dichtel wrote:
> This new command is missing.
> 
> Fixes: 880a6fab8f6b ("xfrm: configure policy hash table thresholds by netlink")
> Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> ---
>  security/selinux/nlmsgtab.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
> index c8cee0766b60..4bc90c2aaea2 100644
> --- a/security/selinux/nlmsgtab.c
> +++ b/security/selinux/nlmsgtab.c
> @@ -103,6 +103,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
>  	{ XFRM_MSG_FLUSHPOLICY,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
>  	{ XFRM_MSG_NEWAE,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
>  	{ XFRM_MSG_GETAE,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
> +	{ XFRM_MSG_NEWSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
>  };
>  
>  static struct nlmsg_perm nlmsg_audit_perms[] =
> 

Seem to be missing a number of the other commands defined in
include/uapi/linux/xfrm.h as well, e.g. XFRM_MSG_REPORT,
XFRM_MSG_MIGRATE, XFRM_MSG_NEWSADINFO, XFRM_MSG_GETSADINFO,
XFRM_MSG_GETSPDINFO, XFRM_MSG_MAPPING.



* Re: [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
  2015-04-09 11:10   ` Paul Moore
@ 2015-04-09 13:10       ` Nicolas Dichtel
  0 siblings, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-09 13:10 UTC (permalink / raw)
  To: Paul Moore; +Cc: davem, netdev, linux-security-module, linux-kernel

On 09/04/2015 13:10, Paul Moore wrote:
[snip]
>> --- a/security/selinux/nlmsgtab.c
>> +++ b/security/selinux/nlmsgtab.c
>> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
>>          { RTM_DELMDB,           NETLINK_ROUTE_SOCKET__NLMSG_WRITE  },
>>          { RTM_GETMDB,           NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>          { RTM_NEWNSID,          NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>> +       { RTM_DELNSID,          NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>          { RTM_GETNSID,          NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>   };
>
> Can you elaborate a bit on the RTM_DELNSID type?  Based only on the
> name I wonder if it should be treated as a "write" and not a "read"
> operation.
The user is not allowed to delete a nsid (no method is implemented). This
RTM_DELNSID is only used for notifications.


* Re: [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO
  2015-04-09 12:32   ` Stephen Smalley
@ 2015-04-09 13:11     ` Nicolas Dichtel
  2015-04-10 14:24     ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
  1 sibling, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-09 13:11 UTC (permalink / raw)
  To: Stephen Smalley, davem
  Cc: netdev, linux-security-module, linux-kernel, Paul Moore

On 09/04/2015 14:32, Stephen Smalley wrote:
[snip]
> Seem to be missing a number of the other commands defined in
> include/uapi/linux/xfrm.h as well, e.g. XFRM_MSG_REPORT,
> XFRM_MSG_MIGRATE, XFRM_MSG_NEWSADINFO, XFRM_MSG_GETSADINFO,
> XFRM_MSG_GETSPDINFO, XFRM_MSG_MAPPING.
Right, I will provide a patch.


Thank you,
Nicolas


* Re: [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
  2015-04-09 13:10       ` Nicolas Dichtel
@ 2015-04-09 20:47         ` Paul Moore
  -1 siblings, 0 replies; 19+ messages in thread
From: Paul Moore @ 2015-04-09 20:47 UTC (permalink / raw)
  To: nicolas.dichtel; +Cc: davem, netdev, linux-security-module, linux-kernel

On Thu, Apr 9, 2015 at 9:10 AM, Nicolas Dichtel
<nicolas.dichtel@6wind.com> wrote:
> On 09/04/2015 13:10, Paul Moore wrote:
> [snip]
>>>
>>> --- a/security/selinux/nlmsgtab.c
>>> +++ b/security/selinux/nlmsgtab.c
>>> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
>>>          { RTM_DELMDB,           NETLINK_ROUTE_SOCKET__NLMSG_WRITE  },
>>>          { RTM_GETMDB,           NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>>          { RTM_NEWNSID,          NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>>> +       { RTM_DELNSID,          NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>>          { RTM_GETNSID,          NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>>   };
>>
>>
>> Can you elaborate a bit on the RTM_DELNSID type?  Based only on the
>> name I wonder if it should be treated as a "write" and not a "read"
>> operation.
>
> The user is not allowed to delete a nsid (no method is implemented). This
> RTM_DELNSID is only used for notifications.

Okay, thanks for clearing that up.

-- 
paul moore
www.paul-moore.com


* [PATCH net-next 0/3] selinux: add missing xfrm nl cmd
  2015-04-09 12:32   ` Stephen Smalley
  2015-04-09 13:11     ` Nicolas Dichtel
@ 2015-04-10 14:24     ` Nicolas Dichtel
  2015-04-10 14:24       ` [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT Nicolas Dichtel
                         ` (3 more replies)
  1 sibling, 4 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
  To: davem, sds; +Cc: netdev, linux-security-module, linux-kernel, paul


With this series, xfrm commands are fully synchronized.

 security/selinux/nlmsgtab.c | 3 +++
 1 file changed, 3 insertions(+)

Regards,
Nicolas


* [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT
  2015-04-10 14:24     ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
@ 2015-04-10 14:24       ` Nicolas Dichtel
  2015-04-10 14:24       ` [PATCH net-next 2/3] selinux/nlmsg: add XFRM_MSG_MIGRATE Nicolas Dichtel
                         ` (2 subsequent siblings)
  3 siblings, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
  To: davem, sds
  Cc: netdev, linux-security-module, linux-kernel, paul, Nicolas Dichtel

This command is missing.

Fixes: 97a64b4577ae ("[XFRM]: Introduce XFRM_MSG_REPORT.")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 4e21b72dd709..7d49312b30e1 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -103,6 +103,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
 	{ XFRM_MSG_FLUSHPOLICY,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_NEWAE,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_GETAE,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
+	{ XFRM_MSG_REPORT,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_NEWSADINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_GETSADINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_NEWSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
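Review bot: the XFRM_MSG_REPORT row is inserted in the middle of nlmsg_xfrm_perms[], ahead of the SADINFO and SPDINFO rows, whereas 3/5 and 4/5 of the earlier series appended at the end, so the ordering rule for this table is not evident from the code. If the rows are meant to follow the order of the definitions in include/uapi/linux/xfrm.h, a one-line comment above the table saying so would make a missing command easy to spot by comparing the two lists. The commit message should also say why REPORT is NLMSG_READ.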
-- 
2.2.2



* [PATCH net-next 2/3] selinux/nlmsg: add XFRM_MSG_MIGRATE
  2015-04-10 14:24     ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
  2015-04-10 14:24       ` [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT Nicolas Dichtel
@ 2015-04-10 14:24       ` Nicolas Dichtel
  2015-04-10 14:24       ` [PATCH net-next 3/3] selinux/nlmsg: add XFRM_MSG_MAPPING Nicolas Dichtel
  2015-04-13  1:20       ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd David Miller
  3 siblings, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
  To: davem, sds
  Cc: netdev, linux-security-module, linux-kernel, paul, Nicolas Dichtel

This command is missing.

Fixes: 5c79de6e79cd ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 7d49312b30e1..9bd7f93109a1 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -104,6 +104,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
 	{ XFRM_MSG_NEWAE,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_GETAE,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_REPORT,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
+	{ XFRM_MSG_MIGRATE,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_NEWSADINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_GETSADINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_NEWSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
-- 
2.2.2



* [PATCH net-next 3/3] selinux/nlmsg: add XFRM_MSG_MAPPING
  2015-04-10 14:24     ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
  2015-04-10 14:24       ` [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT Nicolas Dichtel
  2015-04-10 14:24       ` [PATCH net-next 2/3] selinux/nlmsg: add XFRM_MSG_MIGRATE Nicolas Dichtel
@ 2015-04-10 14:24       ` Nicolas Dichtel
  2015-04-13  1:20       ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd David Miller
  3 siblings, 0 replies; 19+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
  To: davem, sds
  Cc: netdev, linux-security-module, linux-kernel, paul,
	Nicolas Dichtel, Martin Willi

This command is missing.

Fixes: 3a2dfbe8acb1 ("xfrm: Notify changes in UDP encapsulation via netlink")
CC: Martin Willi <martin@strongswan.org>
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 security/selinux/nlmsgtab.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 9bd7f93109a1..30594bfa5fb1 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -109,6 +109,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
 	{ XFRM_MSG_GETSADINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 	{ XFRM_MSG_NEWSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_WRITE },
 	{ XFRM_MSG_GETSPDINFO,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
+	{ XFRM_MSG_MAPPING,	NETLINK_XFRM_SOCKET__NLMSG_READ  },
 };
 
 static struct nlmsg_perm nlmsg_audit_perms[] =
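Review bot: XFRM_MSG_MAPPING is given NLMSG_READ with only "This command is missing" as justification. The title of the commit in the Fixes tag ("xfrm: Notify changes in UDP encapsulation via netlink") suggests a kernel-to-user notification, which is the same reasoning given in this thread for RTM_DELNSID; put that in the commit message. Since the cover letter says the xfrm commands are now fully synchronized, it would also help to state which list in include/uapi/linux/xfrm.h the table was compared against, so the claim can be rechecked.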
-- 
2.2.2



* Re: [PATCH net-next 0/3] selinux: add missing xfrm nl cmd
  2015-04-10 14:24     ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
                         ` (2 preceding siblings ...)
  2015-04-10 14:24       ` [PATCH net-next 3/3] selinux/nlmsg: add XFRM_MSG_MAPPING Nicolas Dichtel
@ 2015-04-13  1:20       ` David Miller
  3 siblings, 0 replies; 19+ messages in thread
From: David Miller @ 2015-04-13  1:20 UTC (permalink / raw)
  To: nicolas.dichtel; +Cc: sds, netdev, linux-security-module, linux-kernel, paul

From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Fri, 10 Apr 2015 16:24:25 +0200

> With this series, xfrm commands are fully synchronized.

Series applied, thanks.
