SELinux Archive on lore.kernel.org
 help / color / Atom feed
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com
Subject: [PATCH 03/90] LSM: Infrastructure management of the key security blob
Date: Thu, 18 Apr 2019 17:44:50 -0700
Message-ID: <20190419004617.64627-4-casey@schaufler-ca.com> (raw)
In-Reply-To: <20190419004617.64627-1-casey@schaufler-ca.com>

From: Casey Schaufler <cschaufler@schaufler-ca.com>

Move management of the key->security blob out of the
individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 include/linux/lsm_hooks.h         |  1 +
 security/security.c               | 40 ++++++++++++++++++++++++++++++-
 security/selinux/hooks.c          | 23 +++++-------------
 security/selinux/include/objsec.h |  7 ++++++
 security/smack/smack.h            |  7 ++++++
 security/smack/smack_lsm.c        | 33 ++++++++++++-------------
 6 files changed, 75 insertions(+), 36 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 1dbed888dab0..9e3d593a1ec3 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2058,6 +2058,7 @@ struct lsm_blob_sizes {
 	int	lbs_sock;
 	int	lbs_superblock;
 	int	lbs_ipc;
+	int	lbs_key;
 	int	lbs_msg_msg;
 	int	lbs_task;
 };
diff --git a/security/security.c b/security/security.c
index e32b7180282e..d05f00a40e82 100644
--- a/security/security.c
+++ b/security/security.c
@@ -172,6 +172,9 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
 		blob_sizes.lbs_inode = sizeof(struct rcu_head);
 	lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
 	lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
+#ifdef CONFIG_KEYS
+	lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key);
+#endif
 	lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
 	lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
 	lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
@@ -307,6 +310,9 @@ static void __init ordered_lsm_init(void)
 	init_debug("file blob size       = %d\n", blob_sizes.lbs_file);
 	init_debug("inode blob size      = %d\n", blob_sizes.lbs_inode);
 	init_debug("ipc blob size        = %d\n", blob_sizes.lbs_ipc);
+#ifdef CONFIG_KEYS
+	init_debug("key blob size        = %d\n", blob_sizes.lbs_key);
+#endif /* CONFIG_KEYS */
 	init_debug("msg_msg blob size    = %d\n", blob_sizes.lbs_msg_msg);
 	init_debug("sock blob size       = %d\n", blob_sizes.lbs_sock);
 	init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
@@ -573,6 +579,29 @@ static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
 	return 0;
 }
 
+#ifdef CONFIG_KEYS
+/**
+ * lsm_key_alloc - allocate a composite key blob
+ * @key: the key that needs a blob
+ *
+ * Allocate the key blob for all the modules
+ *
+ * Returns 0, or -ENOMEM if memory can't be allocated.
+ */
+int lsm_key_alloc(struct key *key)
+{
+	if (blob_sizes.lbs_key == 0) {
+		key->security = NULL;
+		return 0;
+	}
+
+	key->security = kzalloc(blob_sizes.lbs_key, GFP_KERNEL);
+	if (key->security == NULL)
+		return -ENOMEM;
+	return 0;
+}
+#endif /* CONFIG_KEYS */
+
 /**
  * lsm_msg_msg_alloc - allocate a composite msg_msg blob
  * @mp: the msg_msg that needs a blob
@@ -2339,12 +2368,21 @@ EXPORT_SYMBOL(security_skb_classify_flow);
 int security_key_alloc(struct key *key, const struct cred *cred,
 		       unsigned long flags)
 {
-	return call_int_hook(key_alloc, 0, key, cred, flags);
+	int rc = lsm_key_alloc(key);
+
+	if (unlikely(rc))
+		return rc;
+	rc = call_int_hook(key_alloc, 0, key, cred, flags);
+	if (unlikely(rc))
+		security_key_free(key);
+	return rc;
 }
 
 void security_key_free(struct key *key)
 {
 	call_void_hook(key_free, key);
+	kfree(key->security);
+	key->security = NULL;
 }
 
 int security_key_permission(key_ref_t key_ref,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f38a6f484613..ee840fecfebb 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6353,11 +6353,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred,
 			     unsigned long flags)
 {
 	const struct task_security_struct *tsec;
-	struct key_security_struct *ksec;
-
-	ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
-	if (!ksec)
-		return -ENOMEM;
+	struct key_security_struct *ksec = selinux_key(k);
 
 	tsec = selinux_cred(cred);
 	if (tsec->keycreate_sid)
@@ -6365,18 +6361,9 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred,
 	else
 		ksec->sid = tsec->sid;
 
-	k->security = ksec;
 	return 0;
 }
 
-static void selinux_key_free(struct key *k)
-{
-	struct key_security_struct *ksec = k->security;
-
-	k->security = NULL;
-	kfree(ksec);
-}
-
 static int selinux_key_permission(key_ref_t key_ref,
 				  const struct cred *cred,
 				  unsigned perm)
@@ -6394,7 +6381,7 @@ static int selinux_key_permission(key_ref_t key_ref,
 	sid = cred_sid(cred);
 
 	key = key_ref_to_ptr(key_ref);
-	ksec = key->security;
+	ksec = selinux_key(key);
 
 	return avc_has_perm(&selinux_state,
 			    sid, ksec->sid, SECCLASS_KEY, perm, NULL);
@@ -6402,7 +6389,7 @@ static int selinux_key_permission(key_ref_t key_ref,
 
 static int selinux_key_getsecurity(struct key *key, char **_buffer)
 {
-	struct key_security_struct *ksec = key->security;
+	struct key_security_struct *ksec = selinux_key(key);
 	char *context = NULL;
 	unsigned len;
 	int rc;
@@ -6627,6 +6614,9 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
 	.lbs_file = sizeof(struct file_security_struct),
 	.lbs_inode = sizeof(struct inode_security_struct),
 	.lbs_ipc = sizeof(struct ipc_security_struct),
+#ifdef CONFIG_KEYS
+	.lbs_key = sizeof(struct key_security_struct),
+#endif /* CONFIG_KEYS */
 	.lbs_msg_msg = sizeof(struct msg_security_struct),
 	.lbs_sock = sizeof(struct sk_security_struct),
 	.lbs_superblock = sizeof(struct superblock_security_struct),
@@ -6842,7 +6832,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 
 #ifdef CONFIG_KEYS
 	LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
-	LSM_HOOK_INIT(key_free, selinux_key_free),
 	LSM_HOOK_INIT(key_permission, selinux_key_permission),
 	LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
 #endif
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 29f02b8f8f31..3b78aa4ee98f 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -194,6 +194,13 @@ static inline struct superblock_security_struct *selinux_superblock(
 	return superblock->s_security + selinux_blob_sizes.lbs_superblock;
 }
 
+#ifdef CONFIG_KEYS
+static inline struct key_security_struct *selinux_key(const struct key *key)
+{
+	return key->security + selinux_blob_sizes.lbs_key;
+}
+#endif /* CONFIG_KEYS */
+
 static inline struct sk_security_struct *selinux_sock(const struct sock *sock)
 {
 	return sock->sk_security + selinux_blob_sizes.lbs_sock;
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 4ac4bf3310d7..7cc3a3382fee 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -386,6 +386,13 @@ static inline struct superblock_smack *smack_superblock(
 	return superblock->s_security + smack_blob_sizes.lbs_superblock;
 }
 
+#ifdef CONFIG_KEYS
+static inline struct smack_known **smack_key(const struct key *key)
+{
+	return key->security + smack_blob_sizes.lbs_key;
+}
+#endif /* CONFIG_KEYS */
+
 /*
  * Is the directory transmuting?
  */
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index fd69e1bd841b..e9560b078efe 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4179,23 +4179,13 @@ static void smack_inet_csk_clone(struct sock *sk,
 static int smack_key_alloc(struct key *key, const struct cred *cred,
 			   unsigned long flags)
 {
+	struct smack_known **blob = smack_key(key);
 	struct smack_known *skp = smk_of_task(smack_cred(cred));
 
-	key->security = skp;
+	*blob = skp;
 	return 0;
 }
 
-/**
- * smack_key_free - Clear the key security blob
- * @key: the object
- *
- * Clear the blob pointer
- */
-static void smack_key_free(struct key *key)
-{
-	key->security = NULL;
-}
-
 /**
  * smack_key_permission - Smack access on a key
  * @key_ref: gets to the object
@@ -4208,6 +4198,8 @@ static void smack_key_free(struct key *key)
 static int smack_key_permission(key_ref_t key_ref,
 				const struct cred *cred, unsigned perm)
 {
+	struct smack_known **blob;
+	struct smack_known *skp;
 	struct key *keyp;
 	struct smk_audit_info ad;
 	struct smack_known *tkp = smk_of_task(smack_cred(cred));
@@ -4227,7 +4219,9 @@ static int smack_key_permission(key_ref_t key_ref,
 	 * If the key hasn't been initialized give it access so that
 	 * it may do so.
 	 */
-	if (keyp->security == NULL)
+	blob = smack_key(keyp);
+	skp = *blob;
+	if (skp == NULL)
 		return 0;
 	/*
 	 * This should not occur
@@ -4247,8 +4241,8 @@ static int smack_key_permission(key_ref_t key_ref,
 		request |= MAY_READ;
 	if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
 		request |= MAY_WRITE;
-	rc = smk_access(tkp, keyp->security, request, &ad);
-	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
+	rc = smk_access(tkp, skp, request, &ad);
+	rc = smk_bu_note("key access", tkp, skp, request, rc);
 	return rc;
 }
 
@@ -4263,11 +4257,12 @@ static int smack_key_permission(key_ref_t key_ref,
  */
 static int smack_key_getsecurity(struct key *key, char **_buffer)
 {
-	struct smack_known *skp = key->security;
+	struct smack_known **blob = smack_key(key);
+	struct smack_known *skp = *blob;
 	size_t length;
 	char *copy;
 
-	if (key->security == NULL) {
+	if (skp == NULL) {
 		*_buffer = NULL;
 		return 0;
 	}
@@ -4550,6 +4545,9 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
 	.lbs_file = sizeof(struct smack_known *),
 	.lbs_inode = sizeof(struct inode_smack),
 	.lbs_ipc = sizeof(struct smack_known *),
+#ifdef CONFIG_KEYS
+	.lbs_key = sizeof(struct smack_known *),
+#endif /* CONFIG_KEYS */
 	.lbs_msg_msg = sizeof(struct smack_known *),
 	.lbs_sock = sizeof(struct socket_smack),
 	.lbs_superblock = sizeof(struct superblock_smack),
@@ -4671,7 +4669,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
  /* key management security hooks */
 #ifdef CONFIG_KEYS
 	LSM_HOOK_INIT(key_alloc, smack_key_alloc),
-	LSM_HOOK_INIT(key_free, smack_key_free),
 	LSM_HOOK_INIT(key_permission, smack_key_permission),
 	LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
 #endif /* CONFIG_KEYS */
-- 
2.19.1


  parent reply index

Thread overview: 89+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-19  0:44 [PATCH 00/90] LSM: Module stacking for all Casey Schaufler
2019-04-19  0:44 ` [PATCH 01/90] LSM: Infrastructure management of the superblock Casey Schaufler
2019-04-19  0:44 ` [PATCH 02/90] LSM: Infrastructure management of the sock security Casey Schaufler
2019-04-19  0:44 ` Casey Schaufler [this message]
2019-04-19  0:44 ` [PATCH 04/90] LSM: Create an lsm_export data structure Casey Schaufler
2019-04-19  0:44 ` [PATCH 05/90] LSM: Use lsm_export in the inode_getsecid hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 06/90] LSM: Use lsm_export in the cred_getsecid hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 07/90] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 08/90] LSM: Use lsm_export in the kernel_ask_as hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 09/90] LSM: Use lsm_export in the getpeersec_dgram hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 10/90] LSM: Use lsm_export in the audit_rule_match hooks Casey Schaufler
2019-04-19  0:44 ` [PATCH 11/90] LSM: Fix logical operation in lsm_export checks Casey Schaufler
2019-04-19  0:44 ` [PATCH 12/90] LSM: Use lsm_export in the secid_to_secctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 13/90] LSM: Use lsm_export in the secctx_to_secid hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 14/90] LSM: Use lsm_export in security_audit_rule_match Casey Schaufler
2019-04-19  0:45 ` [PATCH 15/90] LSM: Use lsm_export in security_kernel_act_as Casey Schaufler
2019-04-19  0:45 ` [PATCH 16/90] LSM: Use lsm_export in security_socket_getpeersec_dgram Casey Schaufler
2019-04-19  0:45 ` [PATCH 17/90] LSM: Use lsm_export in security_secctx_to_secid Casey Schaufler
2019-04-19  0:45 ` [PATCH 18/90] LSM: Use lsm_export in security_secid_to_secctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 19/90] LSM: Use lsm_export in security_ipc_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 20/90] LSM: Use lsm_export in security_task_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 21/90] LSM: Use lsm_export in security_inode_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 22/90] LSM: Use lsm_export in security_cred_getsecid Casey Schaufler
2019-04-19  0:45 ` [PATCH 23/90] Audit: Change audit_sig_sid to audit_sig_lsm Casey Schaufler
2019-04-19  0:45 ` [PATCH 24/90] Audit: Convert target_sid to an lsm_export structure Casey Schaufler
2019-04-19  0:45 ` [PATCH 25/90] Audit: Convert osid " Casey Schaufler
2019-04-19  0:45 ` [PATCH 26/90] IMA: Clean out lsm_export scaffolding Casey Schaufler
2019-04-19  0:45 ` [PATCH 27/90] NET: Change the UNIXCB from a secid to an lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 28/90] NET: Remove scaffolding on secmarks Casey Schaufler
2019-04-19  0:45 ` [PATCH 29/90] NET: Remove scaffolding on new secmarks Casey Schaufler
2019-04-19  0:45 ` [PATCH 30/90] NET: Remove netfilter scaffolding for lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 31/90] Netlabel: Replace secids with lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 32/90] LSM: Remove lsm_export scaffolding functions Casey Schaufler
2019-04-19  0:45 ` [PATCH 33/90] IMA: FIXUP prototype using lsm_export Casey Schaufler
2019-04-19  0:45 ` [PATCH 34/90] Smack: Restore the release_secctx hook Casey Schaufler
2019-04-19  0:45 ` [PATCH 35/90] AppArmor: Remove unnecessary hook stub Casey Schaufler
2019-04-19  0:45 ` [PATCH 36/90] LSM: Limit calls to certain module hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 37/90] LSM: Create a data structure for a security context Casey Schaufler
2019-04-19  0:45 ` [PATCH 38/90] LSM: Use lsm_context in secid_to_secctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 39/90] LSM: Use lsm_context in secctx_to_secid hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 40/90] LSM: Use lsm_context in inode_getsecctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 41/90] LSM: Use lsm_context in inode_notifysecctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 42/90] LSM: Use lsm_context in dentry_init_security hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 43/90] LSM: Use lsm_context in security_dentry_init_security Casey Schaufler
2019-04-19  0:45 ` [PATCH 44/90] LSM: Use lsm_context in security_inode_notifysecctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 45/90] LSM: Use lsm_context in security_inode_getsecctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 46/90] LSM: Use lsm_context in security_secctx_to_secid Casey Schaufler
2019-04-19  0:45 ` [PATCH 47/90] LSM: Use lsm_context in release_secctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 48/90] LSM: Use lsm_context in security_release_secctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 49/90] LSM: Use lsm_context in security_secid_to_secctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 50/90] fs: remove lsm_context scaffolding Casey Schaufler
2019-04-19  0:45 ` [PATCH 51/90] LSM: Add the release function to the lsm_context Casey Schaufler
2019-04-19  0:45 ` [PATCH 52/90] LSM: Use lsm_context in inode_setsecctx hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 53/90] LSM: Use lsm_context in security_inode_setsecctx Casey Schaufler
2019-04-19  0:45 ` [PATCH 54/90] kernfs: remove lsm_context scaffolding Casey Schaufler
2019-04-19  0:45 ` [PATCH 55/90] LSM: Remove unused macro Casey Schaufler
2019-04-19  0:45 ` [PATCH 56/90] LSM: Special handling for secctx lsm hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 57/90] SELinux: Use blob offset in current_sid Casey Schaufler
2019-04-19  0:45 ` [PATCH 58/90] LSM: Specify which LSM to display Casey Schaufler
2019-04-19  0:45 ` [PATCH 59/90] AppArmor: Remove the exclusive flag Casey Schaufler
2019-04-19  0:45 ` [PATCH 60/90] LSM: Add secmark_relabel_packet to the set of one call hooks Casey Schaufler
2019-04-19  0:45 ` [PATCH 61/90] LSM: Make getting the secmark right cleaner Casey Schaufler
2019-04-19  0:45 ` [PATCH 62/90] netfilter: Fix memory leak introduced with lsm_context Casey Schaufler
2019-04-19  0:45 ` [PATCH 63/90] Smack: Consolidate secmark conversions Casey Schaufler
2019-04-19  0:45 ` [PATCH 64/90] netfilter: Remove unnecessary NULL check in lsm_context Casey Schaufler
2019-04-19  0:45 ` [PATCH 65/90] LSM: Add secmark refcounting to call_one list Casey Schaufler
2019-04-19  0:45 ` [PATCH 66/90] LSM: refactor security_setprocattr Casey Schaufler
2019-04-19  0:45 ` [PATCH 67/90] Smack: Detect if secmarks can be safely used Casey Schaufler
2019-04-19  0:45 ` [PATCH 68/90] LSM: Support multiple LSMs using inode_init_security Casey Schaufler
2019-04-19  0:45 ` [PATCH 69/90] LSM: Use full security context in security_inode_setsecctx Casey Schaufler
2019-04-22 13:13   ` Tetsuo Handa
2019-04-22 20:45     ` Casey Schaufler
2019-04-22 21:01       ` Tetsuo Handa
2019-04-19  0:45 ` [PATCH 70/90] LSM: Correct handling of ENOSYS in inode_setxattr Casey Schaufler
2019-04-19  0:45 ` [PATCH 71/90] LSM: Infrastructure security blobs for mount options Casey Schaufler
2019-04-19  0:45 ` [PATCH 72/90] LSM: Fix for security_init_inode_security Casey Schaufler
2019-04-19  0:46 ` [PATCH 73/90] Smack: Advertise the secid to netlabel Casey Schaufler
2019-04-19  0:46 ` [PATCH 74/90] LSM: Change error detection for UDP peer security Casey Schaufler
2019-04-19  0:46 ` [PATCH 75/90] Smack: Fix setting of the CIPSO MLS_CAT flags Casey Schaufler
2019-04-19  0:46 ` [PATCH 76/90] Smack: Set netlabel flags properly on new label import Casey Schaufler
2019-04-19  0:46 ` [PATCH 77/90] Netlabel: Add a secattr comparison API function Casey Schaufler
2019-04-19  0:46 ` [PATCH 78/90] Smack: Let netlabel do the work on the ambient domain Casey Schaufler
2019-04-19  0:46 ` [PATCH 79/90] Smack: Don't set the socket label on each send Casey Schaufler
2019-04-19  0:46 ` [PATCH 80/90] Smack: Let netlabel do the work on connections Casey Schaufler
2019-04-19  0:46 ` [PATCH 81/90] Netlabel: Return the labeling type on socket Casey Schaufler
2019-04-19 15:27 ` [PATCH 00/90] LSM: Module stacking for all Stephen Smalley
2019-04-21 17:31   ` Casey Schaufler
2019-04-22 12:46     ` Stephen Smalley
2019-04-22 16:10       ` Casey Schaufler

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190419004617.64627-4-casey@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=casey.schaufler@intel.com \
    --cc=jmorris@namei.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org selinux@archiver.kernel.org
	public-inbox-index selinux


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/ public-inbox