Message-ID: <559D53FA.10001@schaufler-ca.com>
Date: Wed, 08 Jul 2015 09:46:50 -0700
From: Casey Schaufler
To: Paul Osmialowski, Paul Moore, James Morris, "Serge E. Hallyn",
    Kees Cook, Tetsuo Handa, Stephen Smalley, Neil Brown, Mark Rustad,
    Greg Kroah-Hartman, Daniel Mack, David Herrmann, Djalal Harouni,
    Shuah Khan, Al Viro, linux-security-module@vger.kernel.org,
    linux-kernel@vger.kernel.org, linux-api@vger.kernel.org
CC: Karol Lewandowski, Lukasz Skalski
Subject: Re: [RFC 0/8] Introduce LSM to KDBUS
References: <1436351110-5902-1-git-send-email-p.osmialowsk@samsung.com>
In-Reply-To: <1436351110-5902-1-git-send-email-p.osmialowsk@samsung.com>

On 7/8/2015 3:25 AM, Paul Osmialowski wrote:
> This patchset partially summarizes effects of collective work by
> Karol Lewandowski and Paul Moore towards introduction of LSM into KDBUS.
>
> These patches originate from following git repositories:
>
> git://git.infradead.org/users/pcmoore/selinux (branch: working-kdbus)
>
> https://github.com/lmctl/linux.git (branch: kdbus-lsm-v4.for-systemd-v212)
>
> https://github.com/lmctl/kdbus.git (branch: kdbus-lsm-v4.for-systemd-v212)
>
> Since kdbus made its way to linux-next tree, I was kindly asked by
> Karol Lewandowski to fit his work into the current kdbus code existing
> there.
>
> As both kdbus and security related code changed a bit, so are my changes
> quite substantial in places.
>
> Note that SELinux kdbus access control patches are absent - only SMACK part
> of original work is included.

Patches 2 and 3 need to be reversed. You can't add the Smack
hooks until you've added the infrastructure for them.

My comments should in no way be construed as an endorsement of kdbus.

>
> I've also made some changes to kdbus test suite. In order to see LSM hooks
> in action we need to be able to run tests from different executable
> binaries holding different security labels.
>
> Therefore I added ability to select execution of particular test by
> executed binary name. This is essential for running newly added 'send' test
> which should communicate with 'daemon' test running in another process.
>
> Karol Lewandowski (1):
>   lsm: make security_file_receive available for external modules
>
> Paul Osmialowski (7):
>   lsm: smack: Make ipc/kdbus includes visible so smack callbacks could
>     see them
>   lsm: kdbus security hooks
>   lsm: smack: smack callbacks for kdbus security hooks
>   kdbus: use LSM hooks in kdbus code
>   kdbus: TEST_CREATE_CONN now does no depend on TEST_CREATE_BUS
>   kdbus: selftests extended
>   kdbus: Ability to run kdbus test by executable binary name
>
>  include/linux/lsm_hooks.h                        |  67 +++++++++++++
>  include/linux/security.h                         |  99 +++++++++++++++++++
>  ipc/kdbus/bus.c                                  |  12 ++-
>  ipc/kdbus/bus.h                                  |   3 +
>  ipc/kdbus/connection.c                           |  54 +++++++++++
>  ipc/kdbus/connection.h                           |   4 +
>  ipc/kdbus/domain.c                               |   9 +-
>  ipc/kdbus/domain.h                               |   2 +
>  ipc/kdbus/endpoint.c                             |  11 +++
>  ipc/kdbus/names.c                                |  11 +++
>  ipc/kdbus/queue.c                                |  30 ++++--
>  security/security.c                              | 118 +++++++++++++++++++++++
>  security/smack/Makefile                          |   2 +
>  security/smack/smack_lsm.c                       |  68 +++++++++++++
>  tools/testing/selftests/kdbus/Makefile           |   1 +
>  tools/testing/selftests/kdbus/kdbus-test.c       |  37 ++++++-
>  tools/testing/selftests/kdbus/kdbus-test.h       |   1 +
>  tools/testing/selftests/kdbus/kdbus-util.c       |  37 ++++---
>  tools/testing/selftests/kdbus/kdbus-util.h       |   2 +-
>  tools/testing/selftests/kdbus/test-activator.c   |  20 ++--
>  tools/testing/selftests/kdbus/test-chat.c        |   6 +-
>  tools/testing/selftests/kdbus/test-connection.c  |   8 +-
>  tools/testing/selftests/kdbus/test-fd.c          |   2 +-
>  tools/testing/selftests/kdbus/test-message.c     |  69 ++++++++-----
>  tools/testing/selftests/kdbus/test-metadata-ns.c |  10 +-
>  tools/testing/selftests/kdbus/test-monitor.c     |   9 +-
>  tools/testing/selftests/kdbus/test-policy-ns.c   |   8 +-
>  tools/testing/selftests/kdbus/test-policy-priv.c |  48 +++++----
>  tools/testing/selftests/kdbus/test-send.c        |  84 ++++++++++++++++
>  tools/testing/selftests/kdbus/test-sync.c        |   2 +-
>  tools/testing/selftests/kdbus/test-timeout.c     |   2 +-
>  31 files changed, 732 insertions(+), 104 deletions(-)
>  create mode 100644 tools/testing/selftests/kdbus/test-send.c
>