* [PATCH net-next 0/5] selinux: add some missing nlmsg commands
@ 2015-04-08 16:36 Nicolas Dichtel
2015-04-08 16:36 ` [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID Nicolas Dichtel
` (5 more replies)
0 siblings, 6 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-security-module, linux-kernel
It's not a critical issue, thus the patches are based on net-next.
Patches are split because the 'Fixes' tag is not the same for all commands.
security/selinux/nlmsgtab.c | 7 +++++++
1 file changed, 7 insertions(+)
Regards,
Nicolas
* [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID
2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
2015-04-08 16:36 ` [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID Nicolas Dichtel
` (4 subsequent siblings)
5 siblings, 0 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel
These new commands are missing.
Fixes: 0c7aecd4bde4 ("netns: add rtnl cmd to add and get peer netns ids")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 2df7b900e259..91228a730801 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -73,6 +73,8 @@ static struct nlmsg_perm nlmsg_route_perms[] =
{ RTM_NEWMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
{ RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
{ RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ },
+ { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+ { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
};
static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
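Review bot: The commit message ("These new commands are missing.") does not say what a caller sees today when it sends RTM_NEWNSID or RTM_GETNSID on a route socket with SELinux enabled, which is what someone weighing a backport against the Fixes tag needs to know. One sentence on the current behaviour for a type absent from nlmsg_route_perms would cover it. The mappings themselves follow the NEW = NLMSG_WRITE, GET = NLMSG_READ pattern of the RTM_*MDB entries just above.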
--
2.2.2
* [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
2015-04-08 16:36 ` [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
2015-04-09 11:10 ` Paul Moore
2015-04-08 16:36 ` [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO Nicolas Dichtel
` (3 subsequent siblings)
5 siblings, 1 reply; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel
This new command is missing.
Fixes: 9a9634545c70 ("netns: notify netns id events")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 91228a730801..c8cee0766b60 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
{ RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
{ RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+ { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
};
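Review bot: The subject says RTM_GETNSID but the added line is RTM_DELNSID, so the subject needs fixing before this lands. The new entry also maps a DEL command to NETLINK_ROUTE_SOCKET__NLMSG_READ while RTM_DELMDB two lines above maps to NLMSG_WRITE; if that is intentional, the commit message should say why, since the name alone reads as a modifying operation.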
--
2.2.2
* [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO
2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
2015-04-08 16:36 ` [PATCH net-next 1/5] selinux/nlmsg: add RTM_NEWNSID and RTM_GETNSID Nicolas Dichtel
2015-04-08 16:36 ` [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
2015-04-09 12:32 ` Stephen Smalley
2015-04-08 16:36 ` [PATCH net-next 4/5] selinux/nlmsg: add XFRM_MSG_GETSPDINFO Nicolas Dichtel
` (2 subsequent siblings)
5 siblings, 1 reply; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel
This new command is missing.
Fixes: 880a6fab8f6b ("xfrm: configure policy hash table thresholds by netlink")
Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index c8cee0766b60..4bc90c2aaea2 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -103,6 +103,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
{ XFRM_MSG_FLUSHPOLICY, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_NEWAE, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETAE, NETLINK_XFRM_SOCKET__NLMSG_READ },
+ { XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
};
static struct nlmsg_perm nlmsg_audit_perms[] =
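Review bot: The added XFRM_MSG_NEWSPDINFO entry is mapped to NLMSG_WRITE with no word in the commit message on why. The Fixes subject ("configure policy hash table thresholds by netlink") implies it is a configuration request; stating that in the message would make the permission choice reviewable without reading the xfrm code.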
--
2.2.2
* [PATCH net-next 4/5] selinux/nlmsg: add XFRM_MSG_GETSPDINFO
2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
` (2 preceding siblings ...)
2015-04-08 16:36 ` [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
2015-04-08 16:36 ` [PATCH net-next 5/5] selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO Nicolas Dichtel
2015-04-08 19:19 ` [PATCH net-next 0/5] selinux: add some missing nlmsg commands David Miller
5 siblings, 0 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel
This command is missing.
Fixes: ecfd6b183780 ("[XFRM]: Export SPD info")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 4bc90c2aaea2..d4bccfcfcf2d 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -104,6 +104,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
{ XFRM_MSG_NEWAE, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETAE, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
+ { XFRM_MSG_GETSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
};
static struct nlmsg_perm nlmsg_audit_perms[] =
--
2.2.2
* [PATCH net-next 5/5] selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO
2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
` (3 preceding siblings ...)
2015-04-08 16:36 ` [PATCH net-next 4/5] selinux/nlmsg: add XFRM_MSG_GETSPDINFO Nicolas Dichtel
@ 2015-04-08 16:36 ` Nicolas Dichtel
2015-04-08 19:19 ` [PATCH net-next 0/5] selinux: add some missing nlmsg commands David Miller
5 siblings, 0 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-08 16:36 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-security-module, linux-kernel, Nicolas Dichtel
These commands are missing.
Fixes: 28d8909bc790 ("[XFRM]: Export SAD info.")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index d4bccfcfcf2d..4e21b72dd709 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -103,6 +103,8 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
{ XFRM_MSG_FLUSHPOLICY, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_NEWAE, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETAE, NETLINK_XFRM_SOCKET__NLMSG_READ },
+ { XFRM_MSG_NEWSADINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
+ { XFRM_MSG_GETSADINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
};
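Review bot: XFRM_MSG_NEWSADINFO is mapped to NETLINK_XFRM_SOCKET__NLMSG_READ, while XFRM_MSG_NEWSPDINFO directly below it and XFRM_MSG_NEWAE above are NLMSG_WRITE. If NEWSADINFO cannot be used by userspace to change state, please say so in the commit message; otherwise it should be NLMSG_WRITE, because the READ mapping checks it against the weaker permission.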
--
2.2.2
* Re: [PATCH net-next 0/5] selinux: add some missing nlmsg commands
2015-04-08 16:36 [PATCH net-next 0/5] selinux: add some missing nlmsg commands Nicolas Dichtel
` (4 preceding siblings ...)
2015-04-08 16:36 ` [PATCH net-next 5/5] selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO Nicolas Dichtel
@ 2015-04-08 19:19 ` David Miller
5 siblings, 0 replies; 17+ messages in thread
From: David Miller @ 2015-04-08 19:19 UTC (permalink / raw)
To: nicolas.dichtel; +Cc: netdev, linux-security-module, linux-kernel
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Wed, 8 Apr 2015 18:36:37 +0200
> It's not a critical issue, thus the patches are based on net-next.
>
> Patches are split because the 'Fixes' tag is not the same for all
> commands.
Series applied, thanks Nicolas.
* Re: [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
2015-04-08 16:36 ` [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID Nicolas Dichtel
@ 2015-04-09 11:10 ` Paul Moore
2015-04-09 13:10 ` Nicolas Dichtel
0 siblings, 1 reply; 17+ messages in thread
From: Paul Moore @ 2015-04-09 11:10 UTC (permalink / raw)
To: Nicolas Dichtel; +Cc: davem, netdev, linux-security-module, linux-kernel
On Wed, Apr 8, 2015 at 12:36 PM, Nicolas Dichtel
<nicolas.dichtel@6wind.com> wrote:
> This new command is missing.
>
> Fixes: 9a9634545c70 ("netns: notify netns id events")
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> ---
> security/selinux/nlmsgtab.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
> index 91228a730801..c8cee0766b60 100644
> --- a/security/selinux/nlmsgtab.c
> +++ b/security/selinux/nlmsgtab.c
> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
> { RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
> { RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ },
> { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
> + { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
> { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
> };
Can you elaborate a bit on the RTM_DELNSID type? Based only on the
name I wonder if it should be treated as a "write" and not a "read"
operation.
--
paul moore
www.paul-moore.com
* Re: [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO
2015-04-08 16:36 ` [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO Nicolas Dichtel
@ 2015-04-09 12:32 ` Stephen Smalley
2015-04-09 13:11 ` Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
0 siblings, 2 replies; 17+ messages in thread
From: Stephen Smalley @ 2015-04-09 12:32 UTC (permalink / raw)
To: Nicolas Dichtel, davem
Cc: netdev, linux-security-module, linux-kernel, Paul Moore
On 04/08/2015 12:36 PM, Nicolas Dichtel wrote:
> This new command is missing.
>
> Fixes: 880a6fab8f6b ("xfrm: configure policy hash table thresholds by netlink")
> Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> ---
> security/selinux/nlmsgtab.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
> index c8cee0766b60..4bc90c2aaea2 100644
> --- a/security/selinux/nlmsgtab.c
> +++ b/security/selinux/nlmsgtab.c
> @@ -103,6 +103,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
> { XFRM_MSG_FLUSHPOLICY, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
> { XFRM_MSG_NEWAE, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
> { XFRM_MSG_GETAE, NETLINK_XFRM_SOCKET__NLMSG_READ },
> + { XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
> };
>
> static struct nlmsg_perm nlmsg_audit_perms[] =
>
Seem to be missing a number of the other commands defined in
include/uapi/linux/xfrm.h as well, e.g. XFRM_MSG_REPORT,
XFRM_MSG_MIGRATE, XFRM_MSG_NEWSADINFO, XFRM_MSG_GETSADINFO,
XFRM_MSG_GETSPDINFO, XFRM_MSG_MAPPING.
* Re: [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
2015-04-09 11:10 ` Paul Moore
@ 2015-04-09 13:10 ` Nicolas Dichtel
2015-04-09 20:47 ` Paul Moore
0 siblings, 1 reply; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-09 13:10 UTC (permalink / raw)
To: Paul Moore; +Cc: davem, netdev, linux-security-module, linux-kernel
On 09/04/2015 13:10, Paul Moore wrote:
[snip]
>> --- a/security/selinux/nlmsgtab.c
>> +++ b/security/selinux/nlmsgtab.c
>> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
>> { RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>> { RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>> { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>> + { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>> { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>> };
>
> Can you elaborate a bit on the RTM_DELNSID type? Based only on the
> name I wonder if it should be treated as a "write" and not a "read"
> operation.
The user is not allowed to delete a nsid (no method is implemented). This
RTM_DELNSID is only used for notifications.
* Re: [PATCH net-next 3/5] selinux/nlmsg: add XFRM_MSG_NEWSPDINFO
2015-04-09 12:32 ` Stephen Smalley
@ 2015-04-09 13:11 ` Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
1 sibling, 0 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-09 13:11 UTC (permalink / raw)
To: Stephen Smalley, davem
Cc: netdev, linux-security-module, linux-kernel, Paul Moore
On 09/04/2015 14:32, Stephen Smalley wrote:
[snip]
> Seem to be missing a number of the other commands defined in
> include/uapi/linux/xfrm.h as well, e.g. XFRM_MSG_REPORT,
> XFRM_MSG_MIGRATE, XFRM_MSG_NEWSADINFO, XFRM_MSG_GETSADINFO,
> XFRM_MSG_GETSPDINFO, XFRM_MSG_MAPPING.
Right, I will provide a patch.
Thank you,
Nicolas
* Re: [PATCH net-next 2/5] selinux/nlmsg: add RTM_GETNSID
2015-04-09 13:10 ` Nicolas Dichtel
@ 2015-04-09 20:47 ` Paul Moore
0 siblings, 0 replies; 17+ messages in thread
From: Paul Moore @ 2015-04-09 20:47 UTC (permalink / raw)
To: nicolas.dichtel; +Cc: davem, netdev, linux-security-module, linux-kernel
On Thu, Apr 9, 2015 at 9:10 AM, Nicolas Dichtel
<nicolas.dichtel@6wind.com> wrote:
> On 09/04/2015 13:10, Paul Moore wrote:
> [snip]
>>>
>>> --- a/security/selinux/nlmsgtab.c
>>> +++ b/security/selinux/nlmsgtab.c
>>> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] =
>>> { RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>>> { RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>>> { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>>> + { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>>> { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>>> };
>>
>>
>> Can you elaborate a bit on the RTM_DELNSID type? Based only on the
>> name I wonder if it should be treated as a "write" and not a "read"
>> operation.
>
> The user is not allowed to delete a nsid (no method is implemented). This
> RTM_DELNSID is only used for notifications.
Okay, thanks for clearing that up.
--
paul moore
www.paul-moore.com
* [PATCH net-next 0/3] selinux: add missing xfrm nl cmd
2015-04-09 12:32 ` Stephen Smalley
2015-04-09 13:11 ` Nicolas Dichtel
@ 2015-04-10 14:24 ` Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT Nicolas Dichtel
` (3 more replies)
1 sibling, 4 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
To: davem, sds; +Cc: netdev, linux-security-module, linux-kernel, paul
With this series, xfrm commands are fully synchronized.
security/selinux/nlmsgtab.c | 3 +++
1 file changed, 3 insertions(+)
Regards,
Nicolas
* [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT
2015-04-10 14:24 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
@ 2015-04-10 14:24 ` Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 2/3] selinux/nlmsg: add XFRM_MSG_MIGRATE Nicolas Dichtel
` (2 subsequent siblings)
3 siblings, 0 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
To: davem, sds
Cc: netdev, linux-security-module, linux-kernel, paul, Nicolas Dichtel
This command is missing.
Fixes: 97a64b4577ae ("[XFRM]: Introduce XFRM_MSG_REPORT.")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 4e21b72dd709..7d49312b30e1 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -103,6 +103,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
{ XFRM_MSG_FLUSHPOLICY, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_NEWAE, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETAE, NETLINK_XFRM_SOCKET__NLMSG_READ },
+ { XFRM_MSG_REPORT, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_NEWSADINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_GETSADINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
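Review bot: XFRM_MSG_REPORT is given NLMSG_READ with no rationale in the commit message. Please state whether userspace can send this type or only receives it from the kernel, the same question raised for RTM_DELNSID earlier in this thread, so the READ mapping is documented rather than inferred.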
--
2.2.2
* [PATCH net-next 2/3] selinux/nlmsg: add XFRM_MSG_MIGRATE
2015-04-10 14:24 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT Nicolas Dichtel
@ 2015-04-10 14:24 ` Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 3/3] selinux/nlmsg: add XFRM_MSG_MAPPING Nicolas Dichtel
2015-04-13 1:20 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd David Miller
3 siblings, 0 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
To: davem, sds
Cc: netdev, linux-security-module, linux-kernel, paul, Nicolas Dichtel
This command is missing.
Fixes: 5c79de6e79cd ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 7d49312b30e1..9bd7f93109a1 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -104,6 +104,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
{ XFRM_MSG_NEWAE, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETAE, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_REPORT, NETLINK_XFRM_SOCKET__NLMSG_READ },
+ { XFRM_MSG_MIGRATE, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_NEWSADINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_GETSADINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
--
2.2.2
* [PATCH net-next 3/3] selinux/nlmsg: add XFRM_MSG_MAPPING
2015-04-10 14:24 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 1/3] selinux/nlmsg: add XFRM_MSG_REPORT Nicolas Dichtel
2015-04-10 14:24 ` [PATCH net-next 2/3] selinux/nlmsg: add XFRM_MSG_MIGRATE Nicolas Dichtel
@ 2015-04-10 14:24 ` Nicolas Dichtel
2015-04-13 1:20 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd David Miller
3 siblings, 0 replies; 17+ messages in thread
From: Nicolas Dichtel @ 2015-04-10 14:24 UTC (permalink / raw)
To: davem, sds
Cc: netdev, linux-security-module, linux-kernel, paul,
Nicolas Dichtel, Martin Willi
This command is missing.
Fixes: 3a2dfbe8acb1 ("xfrm: Notify changes in UDP encapsulation via netlink")
CC: Martin Willi <martin@strongswan.org>
Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
security/selinux/nlmsgtab.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 9bd7f93109a1..30594bfa5fb1 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -109,6 +109,7 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
{ XFRM_MSG_GETSADINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
+ { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ },
};
static struct nlmsg_perm nlmsg_audit_perms[] =
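Review bot: The cover letter says the xfrm commands are now fully synchronized, but nothing in this hunk keeps nlmsg_xfrm_perms that way when the next XFRM_MSG_* type is added. Consider a build-time check that ties the table to XFRM_MSG_MAX, so a new type without an entry fails the build instead of waiting for another report.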
--
2.2.2
* Re: [PATCH net-next 0/3] selinux: add missing xfrm nl cmd
2015-04-10 14:24 ` [PATCH net-next 0/3] selinux: add missing xfrm nl cmd Nicolas Dichtel
` (2 preceding siblings ...)
2015-04-10 14:24 ` [PATCH net-next 3/3] selinux/nlmsg: add XFRM_MSG_MAPPING Nicolas Dichtel
@ 2015-04-13 1:20 ` David Miller
3 siblings, 0 replies; 17+ messages in thread
From: David Miller @ 2015-04-13 1:20 UTC (permalink / raw)
To: nicolas.dichtel; +Cc: sds, netdev, linux-security-module, linux-kernel, paul
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Fri, 10 Apr 2015 16:24:25 +0200
> With this series, xfrm commands are fully synchronized.
Series applied, thanks.