[PATCH 0/3] Introduce LSM-hook for socketpair(2)

[PATCH 0/3] Introduce LSM-hook for socketpair(2) · David Herrmann <hidden> · 2018-04-23
[PATCH 2/3] net/unix: hook unix_socketpair() into LSM · David Herrmann <hidden> · 2018-04-23
Re: [PATCH 2/3] net/unix: hook unix_socketpair() into LSM · Paul Moore <paul@paul-moore.com> · 2018-04-24
Re: [PATCH 2/3] net/unix: hook unix_socketpair() into LSM · David Miller <davem@davemloft.net> · 2018-04-24
Re: [PATCH 2/3] net/unix: hook unix_socketpair() into LSM · Paul Moore <paul@paul-moore.com> · 2018-04-24
[PATCH 3/3] selinux: provide unix_stream_socketpair callback · David Herrmann <hidden> · 2018-04-23
Re: [PATCH 3/3] selinux: provide unix_stream_socketpair callback · Stephen Smalley <hidden> · 2018-04-23
[PATCH 1/3] security: add hook for socketpair(AF_UNIX, ...) · David Herrmann <hidden> · 2018-04-23
Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) · Casey Schaufler <casey@schaufler-ca.com> · 2018-04-23
Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) · "Serge E. Hallyn" <serge@hallyn.com> · 2018-04-23
Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) · James Morris <jmorris@namei.org> · 2018-04-25
Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) · David Miller <davem@davemloft.net> · 2018-04-25
Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) · Paul Moore <paul@paul-moore.com> · 2018-04-25
Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) · James Morris <jmorris@namei.org> · 2018-04-25
Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) · David Herrmann <hidden> · 2018-05-04

From: jmorris@namei.org (James Morris)
Date: 2018-04-25 19:02:41
Also in: lkml, netdev, selinux

On Wed, 25 Apr 2018, Paul Moore wrote:

On Wed, Apr 25, 2018 at 2:44 PM, James Morris [off-list ref] wrote:

quoted

On Mon, 23 Apr 2018, David Herrmann wrote:

quoted

This patch series tries to close this gap and makes both behave the
same. A new LSM-hook is added which allows LSMs to cache the correct
peer information on newly created socket-pairs.

Looks okay to me.

Once it's respun with the Smack backend and maybe the hook name change,
I'll merge this unless DaveM wants it to go in via his networking tree.

Note my objection to the hook placement in patch 2/3; I think we
should move the hook out of the AF_UNIX layer and up into the socket
layer.

I vote for this as it maintains the intended abstraction of the socket 
API.



-- 
James Morris
[off-list ref]

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help