Added security_socket_connect
kernel_connect is in kernel space,
but kernel_connect is used in RPC
requests (/net/sunrpc/xprtsock.c),
and the RPC protocol is used by the NFS server.
This is how we protect the TCP connection
initiated by the client.
Signed-off-by: Denis Arefev <[email protected]>
---
net/socket.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/socket.c b/net/socket.c
index 9c92c0e6c4da..9afa2b44a9e5 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -3526,6 +3526,12 @@ EXPORT_SYMBOL(kernel_accept);
int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
int flags)
{
+ int err;
+
+ err = security_socket_connect(sock, (struct sockaddr *)addr, addrlen);
+ if (err)
+ return err;
+
return sock->ops->connect(sock, addr, addrlen, flags);
}
EXPORT_SYMBOL(kernel_connect);
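Review bot: The new security_socket_connect() call sits at the top of kernel_connect() itself, so it runs for every in-kernel caller of this exported function, while the commit message motivates only the sunrpc path in xprtsock.c. The description should say whether that wider scope is intended, and a short comment above the call explaining why kernel-initiated connects go through the hook would help. Separately, the cast in "(struct sockaddr *)addr" is redundant because addr is already declared as struct sockaddr * in the function signature; pass addr directly.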
--
2.25.1
On Wed, 5 Apr 2023 15:53:08 +0300 Denis Arefev wrote:
> Added security_socket_connect
> kernel_connect is in kernel space,
> but kernel_connect is used in RPC
> requests (/net/sunrpc/xprtsock.c),
> and the RPC protocol is used by the NFS server.
> This is how we protect the TCP connection
> initiated by the client.
Can you please format this to look like every other commit in the
kernel and use imperative mood?
Then please add to the description _exactly_ how you're going to use
it, i.e. an example of a real rule. And CC
[email protected]