| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251103113922.61232-2-bagasdotme@gmail.com>
Date: Mon, 3 Nov 2025 18:39:23 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Documentation <linux-doc@...r.kernel.org>,
Linux Security Module <linux-security-module@...r.kernel.org>
Cc: Jonathan Corbet <corbet@....net>,
Jarkko Sakkinen <jarkko@...nel.org>,
Christian Brauner <brauner@...nel.org>,
Bagas Sanjaya <bagasdotme@...il.com>,
Jeff Layton <jlayton@...nel.org>,
Kees Cook <kees@...nel.org>,
Mickaël Salaün <mic@...ikod.net>,
Stuart Yoder <stuart.yoder@....com>
Subject: [PATCH] security: sctp: Format type and permission checks tables
Use reST grid tables for both type and permission checks tables.
Signed-off-by: Bagas Sanjaya <bagasdotme@...il.com>
---
This patch is based on lsm tree.
Documentation/security/SCTP.rst | 48 +++++++++++++++++++++------------
1 file changed, 31 insertions(+), 17 deletions(-)
diff --git a/Documentation/security/SCTP.rst b/Documentation/security/SCTP.rst
index 6d80d464ab6e7c..321bf6c8738970 100644
--- a/Documentation/security/SCTP.rst
+++ b/Documentation/security/SCTP.rst
@@ -46,24 +46,31 @@ Returns 0 on success, error on failure.
ipv4 or ipv6 address using sizeof(struct sockaddr_in) or
sizeof(struct sockaddr_in6).
- ------------------------------------------------------------------
- | BIND Type Checks |
+.. table:: BIND Type Checks
+
+ +----------------------------+-----------------------------------+
| @optname | @address contains |
- |----------------------------|-----------------------------------|
+ +============================+===================================+
| SCTP_SOCKOPT_BINDX_ADD | One or more ipv4 / ipv6 addresses |
+ +----------------------------+-----------------------------------+
| SCTP_PRIMARY_ADDR | Single ipv4 or ipv6 address |
+ +----------------------------+-----------------------------------+
| SCTP_SET_PEER_PRIMARY_ADDR | Single ipv4 or ipv6 address |
- ------------------------------------------------------------------
+ +----------------------------+-----------------------------------+
+
+.. table:: CONNECT Type Checks
- ------------------------------------------------------------------
- | CONNECT Type Checks |
+ +----------------------------+-----------------------------------+
| @optname | @address contains |
- |----------------------------|-----------------------------------|
+ +============================+===================================+
| SCTP_SOCKOPT_CONNECTX | One or more ipv4 / ipv6 addresses |
+ +----------------------------+-----------------------------------+
| SCTP_PARAM_ADD_IP | One or more ipv4 / ipv6 addresses |
+ +----------------------------+-----------------------------------+
| SCTP_SENDMSG_CONNECT | Single ipv4 or ipv6 address |
+ +----------------------------+-----------------------------------+
| SCTP_PARAM_SET_PRIMARY | Single ipv4 or ipv6 address |
- ------------------------------------------------------------------
+ +----------------------------+-----------------------------------+
A summary of the ``@...name`` entries is as follows::
@@ -228,26 +235,33 @@ The security module performs the following operations:
security_sctp_bind_connect()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checks permissions required for ipv4/ipv6 addresses based on the ``@...name``
-as follows::
+as follows:
- ------------------------------------------------------------------
- | BIND Permission Checks |
+.. table:: BIND Permission Checks
+
+ +----------------------------+-----------------------------------+
| @optname | @address contains |
- |----------------------------|-----------------------------------|
+ +============================+===================================+
| SCTP_SOCKOPT_BINDX_ADD | One or more ipv4 / ipv6 addresses |
+ +----------------------------+-----------------------------------+
| SCTP_PRIMARY_ADDR | Single ipv4 or ipv6 address |
+ +----------------------------+-----------------------------------+
| SCTP_SET_PEER_PRIMARY_ADDR | Single ipv4 or ipv6 address |
- ------------------------------------------------------------------
+ +----------------------------+-----------------------------------+
+
+.. table:: CONNECT Permission Checks
- ------------------------------------------------------------------
- | CONNECT Permission Checks |
+ +----------------------------+-----------------------------------+
| @optname | @address contains |
- |----------------------------|-----------------------------------|
+ +============================+===================================+
| SCTP_SOCKOPT_CONNECTX | One or more ipv4 / ipv6 addresses |
+ +----------------------------+-----------------------------------+
| SCTP_PARAM_ADD_IP | One or more ipv4 / ipv6 addresses |
+ +----------------------------+-----------------------------------+
| SCTP_SENDMSG_CONNECT | Single ipv4 or ipv6 address |
+ +----------------------------+-----------------------------------+
| SCTP_PARAM_SET_PRIMARY | Single ipv4 or ipv6 address |
- ------------------------------------------------------------------
+ +----------------------------+-----------------------------------+
`SCTP LSM Support`_ gives a summary of the ``@...name``
base-commit: dfa024bc3f67a97e1a975dd66b83af8b3845eb19
--
An old man doll... just what I always wanted! - Clara
Powered by blists - more mailing lists