Re: [PATCH 03/17] security: Add a hook for the point of notification... | linux-api

[PATCH 00/17] pipe: Keyrings, mount and superblock notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 01/17] uapi: General notification queue definitions [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 02/17] security: Add hooks to rule on setting a watch [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
Re: [PATCH 02/17] security: Add hooks to rule on setting a watch [ver #5] · James Morris <jmorris@namei.org> · 2020-03-18
[PATCH 03/17] security: Add a hook for the point of notification insertion [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
Re: [PATCH 03/17] security: Add a hook for the point of notification insertion [ver #5] · James Morris <jmorris@namei.org> · 2020-03-18
[PATCH 04/17] pipe: Add O_NOTIFICATION_PIPE [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 05/17] pipe: Add general notification queue support [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 06/17] watch_queue: Add a key/keyring notification facility [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
Re: [PATCH 06/17] watch_queue: Add a key/keyring notification facility [ver #5] · James Morris <jmorris@namei.org> · 2020-03-18
[PATCH 07/17] Add sample notification program [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 08/17] pipe: Allow buffers to be marked read-whole-or-error for notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 09/17] pipe: Add notification lossage handling [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 10/17] selinux: Implement the watch_key security hook [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
Re: [PATCH 10/17] selinux: Implement the watch_key security hook [ver #5] · James Morris <jmorris@namei.org> · 2020-03-18
[PATCH 11/17] smack: Implement the watch_key and post_notification hooks [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 12/17] watch_queue: Add security hooks to rule on setting mount and sb watches [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
Re: [PATCH 12/17] watch_queue: Add security hooks to rule on setting mount and sb watches [ver #5] · James Morris <jmorris@namei.org> · 2020-03-18
[PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-04-02
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Ian Kent <raven@themaw.net> · 2020-06-14
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-06-15
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-07-23
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-07-24
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Ian Kent <raven@themaw.net> · 2020-07-24
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-07-24
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Ian Kent <raven@themaw.net> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Ian Kent <raven@themaw.net> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-08-03
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Ian Kent <raven@themaw.net> · 2020-08-04
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-08-04
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Ian Kent <raven@themaw.net> · 2020-08-05
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-08-05
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Ian Kent <raven@themaw.net> · 2020-08-05
Re: [PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications [ver #5] · Miklos Szeredi <miklos@szeredi.hu> · 2020-08-05
[PATCH 14/17] watch_queue: sample: Display mount tree change notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 15/17] watch_queue: Introduce a non-repeating system-unique superblock ID [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 16/17] watch_queue: Add superblock notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18
[PATCH 17/17] watch_queue: sample: Display superblock notifications [ver #5] · David Howells <dhowells@redhat.com> · 2020-03-18

Re: [PATCH 03/17] security: Add a hook for the point of notification insertion [ver #5]

From: James Morris <jmorris@namei.org>
Date: 2020-03-18 18:57:57
Also in: keyrings, linux-fsdevel, linux-security-module, lkml

On Wed, 18 Mar 2020, David Howells wrote:

Add a security hook that allows an LSM to rule on whether a notification
message is allowed to be inserted into a particular watch queue.

The hook is given the following information:

 (1) The credentials of the triggerer (which may be init_cred for a system
     notification, eg. a hardware error).

 (2) The credentials of the whoever set the watch.

 (3) The notification message.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Casey Schaufler <casey@schaufler-ca.com>
cc: Stephen Smalley <redacted>
cc: linux-security-module@vger.kernel.org
---

 include/linux/lsm_hooks.h |   14 ++++++++++++++
 include/linux/security.h  |   14 ++++++++++++++
 security/security.c       |    9 +++++++++
 3 files changed, 37 insertions(+)


Acked-by: James Morris <redacted>


-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help