lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETLINK]: Encapsulate eff_cap usage within security framework.

Browse Source 
This patch encapsulates the usage of eff_cap (in netlink_skb_params) within
the security framework by extending security_netlink_recv to include a required
capability parameter and converting all direct usage of eff_caps outside
of the lsm modules to use the interface.  It also updates the SELinux
implementation of the security_netlink_send and security_netlink_recv
hooks to take advantage of the sid in the netlink_skb_params struct.
This also enables SELinux to perform auditing of netlink capability checks.
Please apply, for 2.6.18 if possible.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by:  James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Darrel Goeddel
2006-06-27 13:26:11 -07:00
committed by David S. Miller
parent 576a30eb64
commit c7bdb545d2
12 changed files with 35 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/netlink/genetlink.c
View File

@ -320,7 +320,7 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
goto errout;
}
if ((ops->flags & GENL_ADMIN_PERM) && security_netlink_recv(skb)) {
if ((ops->flags & GENL_ADMIN_PERM) && security_netlink_recv(skb, CAP_NET_ADMIN)) {
err = -EPERM;
goto errout;
}