[NETLINK]: Encapsulate eff_cap usage within security framework.
This patch encapsulates the usage of eff_cap (in netlink_skb_params) within the security framework by extending security_netlink_recv to include a required capability parameter and converting all direct usage of eff_caps outside of the lsm modules to use the interface. It also updates the SELinux implementation of the security_netlink_send and security_netlink_recv hooks to take advantage of the sid in the netlink_skb_params struct. This also enables SELinux to perform auditing of netlink capability checks. Please apply, for 2.6.18 if possible.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing
- include/linux/security.h 7 additions, 6 deletions
- kernel/audit.c 4 additions, 4 deletions
- net/core/rtnetlink.c 1 addition, 1 deletion
- net/decnet/netfilter/dn_rtmsg.c 1 addition, 1 deletion
- net/ipv4/netfilter/ip_queue.c 1 addition, 1 deletion
- net/ipv6/netfilter/ip6_queue.c 1 addition, 1 deletion
- net/netfilter/nfnetlink.c 1 addition, 1 deletion
- net/netlink/genetlink.c 1 addition, 1 deletion
- net/xfrm/xfrm_user.c 1 addition, 1 deletion
- security/commoncap.c 2 additions, 2 deletions
- security/dummy.c 2 additions, 2 deletions
- security/selinux/hooks.c 13 additions, 13 deletions
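
The pattern the commit message describes, as an added user-space model in C (not kernel code and not part of this commit): callers pass the capability they require to a receive hook, and only the security module reads `eff_cap`, which lets a module audit the decision. The struct, the hook type, `handle_admin_msg` and the auditing module are hypothetical stand-ins; the auditing module does not reproduce SELinux's logic.

```c
/* User-space model of the pattern; simplified stand-ins, not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_ADMIN 12  /* same value as in linux/capability.h */

/* Stand-in for the sender data carried in netlink_skb_params. */
struct nl_params {
    uint32_t eff_cap;  /* sender's effective capability mask */
    uint32_t sid;      /* sender's security ID */
};

/* Hook signature after the change: the caller names the capability. */
typedef int (*netlink_recv_hook)(const struct nl_params *p, int cap);

static unsigned audit_denials;  /* constructed counter for the demo */

/* Capability-only module: the one place that reads eff_cap. */
static int cap_recv(const struct nl_params *p, int cap)
{
    return (p->eff_cap & (1u << cap)) ? 0 : -EPERM;
}

/* Hypothetical auditing module: same decision, but denials are logged. */
static int auditing_recv(const struct nl_params *p, int cap)
{
    int rc = cap_recv(p, cap);
    if (rc) {
        audit_denials++;
        fprintf(stderr, "denied: sid=%u cap=%d\n", (unsigned)p->sid, cap);
    }
    return rc;
}

static netlink_recv_hook security_ops_recv = cap_recv;

/* Subsystem handler: asks the framework instead of testing eff_cap. */
static int handle_admin_msg(const struct nl_params *p)
{
    return security_ops_recv(p, CAP_NET_ADMIN) ? -EPERM : 0;
}

int main(void)
{
    struct nl_params user = { 0, 2 };  /* constructed unprivileged sender */
    security_ops_recv = auditing_recv;
    int rc = handle_admin_msg(&user);
    printf("rc=%d denials=%u\n", rc, audit_denials);
    return 0;
}
```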