Date: Fri, 28 Aug 2009 15:46:36 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: unlisted-recipients:; (no To-header on input)
Cc: netdev@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov
Subject: Re: [PATCH 1/2] lsm: Add hooks to the TUN driver

From: Paul Moore <paul.moore@...com>
Date: Fri, 28 Aug 2009 18:12:43 -0400

> The TUN driver lacks any LSM hooks which makes it difficult for LSM modules,
> such as SELinux, to enforce access controls on network traffic generated by
> TUN users; this is particularly problematic for virtualization apps such as
> QEMU and KVM.  This patch adds three new LSM hooks designed to control the
> creation and attachment of TUN devices, the hooks are:
>
>  * security_tun_dev_create()
>    Provides access control for the creation of new TUN devices
>
>  * security_tun_dev_post_create()
>    Provides the ability to create the necessary socket LSM state for newly
>    created TUN devices
>
>  * security_tun_dev_attach()
>    Provides access control for attaching to existing, persistent TUN devices
>    and the ability to update the TUN device's socket LSM state as necessary
>
> Signed-off-by: Paul Moore <paul.moore@...com>
> Acked-by: Eric Paris <eparis@...isplace.org>
> Acked-by: Serge Hallyn <serue@...ibm.com>

I'm happy if you guys merge this via the security tree, feel free
to add:

Acked-by: David S. Miller <davem@...emloft.net>