Received: by 10.192.165.148 with SMTP id m20csp1056036imm; Wed, 25 Apr 2018 11:52:37 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+UqOStMtAmYxFXqTI3shLMuXi4GT/oC719B2n83wTyVxDPYT8LZpS/QKmwnSCeXJrOiTo4 X-Received: by 2002:a17:902:125:: with SMTP id 34-v6mr30853492plb.42.1524682357570; Wed, 25 Apr 2018 11:52:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524682357; cv=none; d=google.com; s=arc-20160816; b=mpjR9t95HwQn3BQMKqo+7Aqwmv/PbiN/G5dbNNByB3L4Z6Ehbj+PgBDGkk0O+VO0fC bQCkAXiMhMqrvO8V1ChzbMuCi3M2PFJZy4x9g7u/WEs0/xKH+tBWDGiD5d9y6+XjLx9s /u7OJDqUjC0UN0qaquXJ9A9bC1rlAzPf4fjalWBlNuk6KyHvPB0cTCnvqUva3nf1v91N UmdAHjWoOBl2WpY46SO45/QRxXWRtwozvlULbhgEJZM6e5JZcwbp7MTHzl10CVftJSlx qasHAh7sC35YKVA12chKkDbPtYQICMbMqcofRnSz6xfFdOzPB8HK6l9R9R6incjScwHL Rdig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=WiRHeIKRl3JWvx82WC55INOQIwQ7ciEKtd3Hz2ITyvY=; b=FEiycPJxDLbti6WykPAr7N3+oAvzA4MYXsiyTFO4DIabbF4ktKtYeBOaxFyVECzzgd SKkgB0TpECo6rTf6DaFzQT3SLx4UJ4JpXToU/XhkeCo2bruwyr4AkrWy5PmtAF1h7QlX 7vXL+kJo9zwzNhEwB74qLg7CpWN1IqqvzGPJo95kxMatovnZPAqjw2vws42w9WLesVhl dgmpMweekJZcVHFthQQ7S3HP/u9ICWOj5ZRipbBslt2dsbzaSCoPS51/fKV4DaEqC5QZ QUp6aH9SRumiieb6qdSknZlck3bkhKE0QA2hgQIFLzZhAZqLajjfRuCtr2t0l302kKfK npZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=PIhswr3J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n66si13747725pga.299.2018.04.25.11.52.23; Wed, 25 Apr 2018 11:52:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=PIhswr3J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756095AbeDYSvS (ORCPT + 99 others); Wed, 25 Apr 2018 14:51:18 -0400 Received: from mail-lf0-f66.google.com ([209.85.215.66]:43934 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755371AbeDYSvP (ORCPT ); Wed, 25 Apr 2018 14:51:15 -0400 Received: by mail-lf0-f66.google.com with SMTP id g12-v6so10884509lfb.10 for ; Wed, 25 Apr 2018 11:51:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WiRHeIKRl3JWvx82WC55INOQIwQ7ciEKtd3Hz2ITyvY=; b=PIhswr3JV0QOeZ9M9ttt5/2U4CaY6vBy8giz4ebq6JpSA6/vlKcyuHadFGHtG+yw2/ SmNQXD1xchv/xolC1m/oiYJlLnBHp/X9dKkwnwwWofyvkJF/mNKvERjQNOXSfYMxLGV0 QRiXSs1TE+0v6zlLUTZ18hzzDx5qEplpCrf3OpitrgkPKGqJrtbS+WNUE5ut2xBosnz2 zUKb8ILteACyTzbslXgMytqYUFksv+VowCZatP4P6655+tA5gHr3u93dLSNMLLDZVDWx VdhOl9H2RdXZX88ugcUKU12z20JTDdhPjSdYNqz/2XO6BYXgAixTlCBQqvkaI2/MmPCX E8Nw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WiRHeIKRl3JWvx82WC55INOQIwQ7ciEKtd3Hz2ITyvY=; b=lKHmLy/v8aGBhD39Ekl+0bMqSZcTyU/k1tFJdS1RoxoiDZz1AQk7IKDhnzk7nbS+IA Vi82M/+qon5mlDg3Wqzu+nFrhf3Un2k6pOxOjWJVvfMt4GGvf9+aRcgQWAOEYYZbD+uT DZQpEbrQO3uPHlPzA8WVW1VMHgt0wQ0mQZGUeSekiogmMX1Rc1CCiMOOJ1K41/TIEMgU 6J5k64ykY2Ic3RQhVZTMAkX2Vp6ckav92q3Nck+Tcvnuj+EaChuNWSHbzPuAmzIaxq5v g96D3LLJXedD/KhU1lbK+wpWPoe+y5qER9Og3TEr61TSaQSB8+yQINrXCyiLC+Gi4Jym cOzQ== X-Gm-Message-State: ALQs6tBlBAjexfRARuu1y9U3T8wnH3ImSVm0lyw/zDtrbIVPEAtwBLzg YfO8g2uK83zaOnzewzF/PEEGTV7mnsiOTSe8mWyA X-Received: by 2002:a19:1895:: with SMTP id 21-v6mr14328056lfy.39.1524682273497; Wed, 25 Apr 2018 11:51:13 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:c78f:0:0:0:0:0 with HTTP; Wed, 25 Apr 2018 11:51:12 -0700 (PDT) X-Originating-IP: [108.20.156.165] In-Reply-To: References: <20180423133015.5455-1-dh.herrmann@gmail.com> From: Paul Moore Date: Wed, 25 Apr 2018 14:51:12 -0400 Message-ID: Subject: Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2) To: James Morris Cc: David Herrmann , linux-kernel@vger.kernel.org, teg@jklm.no, Stephen Smalley , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, Eric Paris , "Serge E. Hallyn" , "David S. Miller" , netdev@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 25, 2018 at 2:44 PM, James Morris wrote: > On Mon, 23 Apr 2018, David Herrmann wrote: >> This patch series tries to close this gap and makes both behave the >> same. A new LSM-hook is added which allows LSMs to cache the correct >> peer information on newly created socket-pairs. > > Looks okay to me. > > Once it's respun with the Smack backend and maybe the hook name change, > I'll merge this unless DaveM wants it to go in via his networking tree. Note my objection to the hook placement in patch 2/3; I think we should move the hook out of the AF_UNIX layer and up into the socket layer. -- paul moore www.paul-moore.com