Date: Thu, 18 May 2023 13:11:58 -0400
Message-ID: <2a3b77fc369dd3b3e611db00c992060d.paul@paul-moore.com>
From: Paul Moore
To: Matthieu Baerts, James Morris, "Serge E. Hallyn", Stephen Smalley, Eric Paris
Cc: Paolo Abeni, "David S. Miller", Eric Dumazet, Jakub Kicinski, Ondrej Mosnacek, mptcp@lists.linux.dev, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, Matthieu Baerts
Subject: Re: [PATCH v2 1/2] security, lsm: Introduce security_mptcp_add_subflow()
References: <20230419-upstream-lsm-next-20230419-mptcp-sublows-user-ctx-v2-1-e7a3c8c15676@tessares.net>
In-Reply-To: <20230419-upstream-lsm-next-20230419-mptcp-sublows-user-ctx-v2-1-e7a3c8c15676@tessares.net>

On Apr 20, 2023 Matthieu Baerts wrote:
>
> MPTCP can create subflows in kernel context, and later indirectly
> expose them to user-space, via the owning MPTCP socket.
>
> As discussed in the reported link, the above causes unexpected failures
> for server, MPTCP-enabled applications.
>
> Let's introduce a new LSM hook to allow the security module to relabel
> the subflow according to the owning user-space process, via the MPTCP
> socket owning the subflow.
>
> Note that the new hook requires both the MPTCP socket and the new
> subflow. This could allow future extensions, e.g. explicitly validating
> the MPTCP <-> subflow linkage.
>
> Link: https://lore.kernel.org/mptcp/CAHC9VhTNh-YwiyTds=P1e3rixEDqbRTFj22bpya=+qJqfcaMfg@mail.gmail.com/
> Signed-off-by: Paolo Abeni
> Acked-by: Matthieu Baerts
> Signed-off-by: Matthieu Baerts
> ---
> v2:
>  - Address Paul's comments:
>    - clarification around "the owning process" in the commit message
>    - making it clear the hook has to be called after the sk init part
>    - consistent capitalization of "MPTCP"
> ---
>  include/linux/lsm_hook_defs.h |  1 +
>  include/linux/security.h      |  6 ++++++
>  net/mptcp/subflow.c           |  6 ++++++
>  security/security.c           | 17 +++++++++++++++++
>  4 files changed, 30 insertions(+)

This looks good to me, merged into selinux/next - thank you for all the work
that went into this!

--
paul-moore.com