Thread: 11 messages, 3 authors, 2009-08-12

Re: [RFC PATCH v2 1/2] lsm: Add hooks to the TUN driver

From: Paul Moore <hidden>
Date: 2009-08-12 19:43:15
Also in: selinux

On Wednesday 12 August 2009 03:28:40 pm Serge E. Hallyn wrote:
Quoting Paul Moore (paul.moore@hp.com):
The TUN driver lacks any LSM hooks which makes it difficult for LSM
modules, such as SELinux, to enforce access controls on network traffic
generated by TUN users; this is particularly problematic for
virtualization apps such as QEMU and KVM.  This patch adds three new LSM
hooks designed to control the creation and attachment of TUN devices, the
hooks are:

 * security_tun_dev_create()
   Provides access control for the creation of new TUN devices

 * security_tun_dev_post_create()
   Provides the ability to create the necessary socket LSM state for
   newly created TUN devices

 * security_tun_dev_attach()
   Provides access control for attaching to existing, persistent TUN
   devices and the ability to update the TUN device's socket LSM state as
   necessary
---
Acked-by: Serge Hallyn <redacted>

Thanks.

-- 
paul moore
linux @ hp