| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1262437456-24476-4-git-send-email-sam@synack.fr> Date: Sat, 2 Jan 2010 14:04:10 +0100 From: Samir Bellabes <sam@...ack.fr> To: linux-security-module@...r.kernel.org Cc: Patrick McHardy <kaber@...sh.net>, jamal <hadi@...erus.ca>, Evgeniy Polyakov <zbr@...emap.net>, Neil Horman <nhorman@...driver.com>, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, Samir Bellabes <sam@...ack.fr> Subject: [RFC 3/9] snet: introduce security/snet, Makefile and Kconfig changes this patch creates a entry in folder security/ and adds Kconfig and Makefile Signed-off-by: Samir Bellabes <sam@...ack.fr> --- security/Kconfig | 1 + security/Makefile | 2 ++ security/snet/Kconfig | 22 ++++++++++++++++++++++ security/snet/Makefile | 13 +++++++++++++ 4 files changed, 38 insertions(+), 0 deletions(-) create mode 100644 security/snet/Kconfig create mode 100644 security/snet/Makefile diff --git a/security/Kconfig b/security/Kconfig index 226b955..48e8fee 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -140,6 +140,7 @@ config LSM_MMAP_MIN_ADDR source security/selinux/Kconfig source security/smack/Kconfig source security/tomoyo/Kconfig +source security/snet/Kconfig source security/integrity/ima/Kconfig diff --git a/security/Makefile b/security/Makefile index bb44e35..0870dd0 100644 --- a/security/Makefile +++ b/security/Makefile @@ -6,6 +6,7 @@ obj-$(CONFIG_KEYS) += keys/ subdir-$(CONFIG_SECURITY_SELINUX) += selinux subdir-$(CONFIG_SECURITY_SMACK) += smack subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo +subdir-$(CONFIG_SECURITY_SNET) += snet # always enable default capabilities obj-y += commoncap.o min_addr.o @@ -18,6 +19,7 @@ obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o obj-$(CONFIG_AUDIT) += lsm_audit.o obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o +obj-$(CONFIG_SECURITY_SNET) += snet/built-in.o obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o # Object integrity file lists diff --git a/security/snet/Kconfig b/security/snet/Kconfig new file mode 100644 index 0000000..e1516a1 --- /dev/null +++ b/security/snet/Kconfig @@ -0,0 +1,22 @@ +# +# snet +# + +config SECURITY_SNET + bool "snet - Security for NETwork syscalls" + depends on SECURITY_NETWORK && IPV6 + default n + ---help--- + Provide a generic netlink that reports networking's syscalls + to userspace + +config SECURITY_SNET_DEBUG + bool "snet debug messages" + depends on SECURITY_SNET + ---help--- + Only use if you are hacking snet. + + This toggles the debugging outputs, by setting the parameter snet_debug + to 0 or 1 at boot. + + Just say N diff --git a/security/snet/Makefile b/security/snet/Makefile new file mode 100644 index 0000000..ee6bd83 --- /dev/null +++ b/security/snet/Makefile @@ -0,0 +1,13 @@ +# +# Makefile for building the Security Network Events module. +# +obj-$(CONFIG_SECURITY_SNET) := snet.o + +snet-y := snet_event.o \ + snet_netlink.o \ + snet_verdict.o \ + snet_hooks.o \ + snet_core.o \ + snet_utils.o + +EXTRA_CFLAGS += -Isecurity/snet/include -- 1.6.3.3 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists