lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Apr 2012 18:41:02 -0400 From: Eric Paris <eparis@...hat.com> To: Kees Cook <keescook@...omium.org> Cc: linux-kernel@...r.kernel.org, James Morris <james.l.morris@...cle.com>, Casey Schaufler <casey@...aufler-ca.com>, Paul Moore <paul.moore@...com>, Al Viro <viro@...iv.linux.org.uk>, Andi Kleen <ak@...ux.intel.com>, linux-security-module@...r.kernel.org, torvalds@...ux-foundation.org Subject: Re: [PATCH] Smack: build when CONFIG_AUDIT not defined On Tue, 2012-04-10 at 13:26 -0700, Kees Cook wrote: > This fixes builds where CONFIG_AUDIT is not defined and > CONFIG_SECURITY_SMACK=y. > > Signed-off-by: Kees Cook <keescook@...omium.org> Linus I introduced this problem during our little stack space work, 48c62af68a403ef1655546bd3e021070c8508573 , so probably best if you just grab this one too. Acked-by: Eric Paris <eparis@...hat.com> > --- > security/smack/smack_lsm.c | 19 +++++++++++++++---- > 1 files changed, 15 insertions(+), 4 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 81c03a5..10056f2 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -1939,18 +1939,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) > char *hostsp; > struct socket_smack *ssp = sk->sk_security; > struct smk_audit_info ad; > - struct lsm_network_audit net; > > rcu_read_lock(); > hostsp = smack_host_label(sap); > if (hostsp != NULL) { > - sk_lbl = SMACK_UNLABELED_SOCKET; > #ifdef CONFIG_AUDIT > + struct lsm_network_audit net; > + > smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); > ad.a.u.net->family = sap->sin_family; > ad.a.u.net->dport = sap->sin_port; > ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr; > #endif > + sk_lbl = SMACK_UNLABELED_SOCKET; > rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); > } else { > sk_lbl = SMACK_CIPSO_SOCKET; > @@ -2809,11 +2810,14 @@ static int smack_unix_stream_connect(struct sock *sock, > struct socket_smack *osp = other->sk_security; > struct socket_smack *nsp = newsk->sk_security; > struct smk_audit_info ad; > - struct lsm_network_audit net; > int rc = 0; > > +#ifdef CONFIG_AUDIT > + struct lsm_network_audit net; > + > smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); > smk_ad_setfield_u_net_sk(&ad, other); > +#endif > > if (!capable(CAP_MAC_OVERRIDE)) > rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); > @@ -2842,11 +2846,14 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other) > struct socket_smack *ssp = sock->sk->sk_security; > struct socket_smack *osp = other->sk->sk_security; > struct smk_audit_info ad; > - struct lsm_network_audit net; > int rc = 0; > > +#ifdef CONFIG_AUDIT > + struct lsm_network_audit net; > + > smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); > smk_ad_setfield_u_net_sk(&ad, other->sk); > +#endif > > if (!capable(CAP_MAC_OVERRIDE)) > rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); > @@ -2993,7 +3000,9 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) > char *csp; > int rc; > struct smk_audit_info ad; > +#ifdef CONFIG_AUDIT > struct lsm_network_audit net; > +#endif > if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) > return 0; > > @@ -3156,7 +3165,9 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, > char *sp; > int rc; > struct smk_audit_info ad; > +#ifdef CONFIG_AUDIT > struct lsm_network_audit net; > +#endif > > /* handle mapped IPv4 packets arriving via IPv6 sockets */ > if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists