linux-next.vger.kernel.org archive mirror
* linux-next: manual merge of the lblnet tree with the security-testing tree
@ 2009-03-27  5:19 Stephen Rothwell
  2009-03-27 16:32 ` Paul Moore
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Rothwell @ 2009-03-27  5:19 UTC (permalink / raw)
  To: Paul Moore, James Morris; +Cc: linux-next, Etienne Basset

Hi Paul, James,

Today's linux-next merge of the lblnet tree got a conflict in
security/smack/smack_lsm.c between commit
7198e2eeb44b3fe7cc97f997824002da47a9c644 ("smack: convert smack to
standard linux lists") from the security-testing tree and commits
c5b5a2a5e23a0056c76b2084ae2001e55816778a ("netlabel: Cleanup the
Smack/NetLabel code to fix incoming TCP connections") and
174531a7a4f47f47dd706985d3d5e489fec87ab2 ("smack: Add a new '-CIPSO'
option to the network address label configuration") from the lblnet tree.

I fixed it up (see below - I am not entirely sure it is correct) and can
carry the fix as necessary.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc security/smack/smack_lsm.c
index fd20d15,4f1838b..0000000
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@@ -1295,6 -1302,42 +1300,48 @@@ static void smack_sk_free_security(stru
  }
  
  /**
+ * smack_host_label - check host based restrictions
+ * @sip: the object end
+ *
+ * looks for host based access restrictions
+ *
+ * This version will only be appropriate for really small
+ * sets of single label hosts.
+ *
+ * Returns the label of the far end or NULL if it's not special.
+ */
+ static char *smack_host_label(struct sockaddr_in *sip)
+ {
+ 	struct smk_netlbladdr *snp;
+ 	struct in_addr *siap = &sip->sin_addr;
+ 
+ 	if (siap->s_addr == 0)
+ 		return NULL;
+ 
 -	for (snp = smack_netlbladdrs; snp != NULL; snp = snp->smk_next)
++	rcu_read_lock();
++	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) {
+ 		/*
+ 		 * we break after finding the first match because
+ 		 * the list is sorted from longest to shortest mask
+ 		 * so we have found the most specific match
+ 		 */
+ 		if ((&snp->smk_host.sin_addr)->s_addr  ==
+ 			(siap->s_addr & (&snp->smk_mask)->s_addr)) {
+ 			/* we have found the special CIPSO option */
 -			if (snp->smk_label == smack_cipso_option)
++			if (snp->smk_label == smack_cipso_option) {
++				rcu_read_unlock();
+ 				return NULL;
++			}
+ 
++			rcu_read_unlock();
+ 			return snp->smk_label;
+ 		}
++	}
++	rcu_read_unlock();
+ 	return NULL;
+ }
+ 
+ /**
   * smack_set_catset - convert a capset to netlabel mls categories
   * @catset: the Smack categories
   * @sap: where to put the netlabel categories
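Review bot: In the merged smack_host_label(), the match path calls rcu_read_unlock() and only then evaluates `return snp->smk_label;`, so snp is dereferenced after the RCU read-side critical section has ended. If entries can ever be removed from smk_netlbladdr_list, that read is no longer protected. Suggest copying the label into a local inside the loop, using break on the first match (setting the local to NULL for the smack_cipso_option case), and calling rcu_read_unlock() once after the loop before returning the local. That also collapses the three rcu_read_unlock() calls into one and brings the code back in line with the existing "we break after finding the first match" comment.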

* Re: linux-next: manual merge of the lblnet tree with the security-testing tree
  2009-03-27  5:19 linux-next: manual merge of the lblnet tree with the security-testing tree Stephen Rothwell
@ 2009-03-27 16:32 ` Paul Moore
  2009-03-28  0:21   ` Stephen Rothwell
  0 siblings, 1 reply; 3+ messages in thread
From: Paul Moore @ 2009-03-27 16:32 UTC (permalink / raw)
  To: Stephen Rothwell; +Cc: James Morris, linux-next, Etienne Basset

On Friday 27 March 2009 01:19:57 am Stephen Rothwell wrote:
> Hi Paul, James,
>
> Today's linux-next merge of the lblnet tree got a conflict in
> security/smack/smack_lsm.c between commit
> 7198e2eeb44b3fe7cc97f997824002da47a9c644 ("smack: convert smack to
> standard linux lists") from the security-testing tree and commits
> c5b5a2a5e23a0056c76b2084ae2001e55816778a ("netlabel: Cleanup the
> Smack/NetLabel code to fix incoming TCP connections") and
> 174531a7a4f47f47dd706985d3d5e489fec87ab2 ("smack: Add a new '-CIPSO'
> option to the network address label configuration") from the lblnet tree.
>
> I fixed it up (see below - I am not entirely sure it is correct) and can
> carry the fix as necessary.

Thanks, I'll take care of it today.  The problem is most likely due to the 
"netlabel: Cleanup ..." patch as it needs to relocate the smack_host_label() 
function higher in the source file as it is needed earlier.

Also, just as a heads-up, I'm going to be posting the labeled networking 
patches for 2.6.30 later this afternoon which should help in the future (they 
are typically pulled in via James' security-testing tree).

-- 
paul moore
linux @ hp

* Re: linux-next: manual merge of the lblnet tree with the security-testing tree
  2009-03-27 16:32 ` Paul Moore
@ 2009-03-28  0:21   ` Stephen Rothwell
  0 siblings, 0 replies; 3+ messages in thread
From: Stephen Rothwell @ 2009-03-28  0:21 UTC (permalink / raw)
  To: Paul Moore; +Cc: James Morris, linux-next, Etienne Basset

Hi Paul,

On Fri, 27 Mar 2009 12:32:53 -0400 Paul Moore <paul.moore@hp.com> wrote:
>
> Thanks, I'll take care of it today.  The problem is most likely due to the 
> "netlabel: Cleanup ..." patch as it needs to relocate the smack_host_label() 
> function higher in the source file as it is needed earlier.

Thanks.

> Also, just as a heads-up, I'm going to be posting the labeled networking 
> patches for 2.6.30 later this afternoon which should help in the future (they 
> are typically pulled in via James' security-testing tree).

OK.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
