Message-Id: <20110809.003326.1002501904080430572.davem@davemloft.net>
Date: Tue, 09 Aug 2011 00:33:26 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: rongqing.li@...driver.com
Cc: netdev@...r.kernel.org, selinux@...ho.nsa.gov,
linux-security-module@...r.kernel.org, sds@...ho.nsa.gov
Subject: Re: [PATCH 6/6] Export the tcp sock's security context to proc.
From: <rongqing.li@...driver.com>
Date: Tue, 9 Aug 2011 15:28:30 +0800
> if (v == SEQ_START_TOKEN) {
> seq_printf(seq, "%-*s\n", TMPSZ - 1,
> " sl local_address rem_address st tx_queue "
> "rx_queue tr tm->when retrnsmt uid timeout "
> - "inode");
> + "inode seclabel");
> goto out;
> }
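Review bot: The header in the SEQ_START_TOKEN branch is printed with "%-*s" padded to TMPSZ - 1, so this file is laid out as fixed-width records, and appending " seclabel" to that string lengthens the header with no matching adjustment to TMPSZ visible in this hunk. A security label is also a variable-length string, which does not fit a fixed-width column. Suggest leaving the header string unchanged and exporting the label through an interface where a field can be added without shifting or resizing the existing ones.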
Unfortunately you cannot change the layout of procfs file output in
this way. It has the potential to break programs which are parsing
this file in userspace already.
The layout hasn't changed in a very long time because it is essentially
a user-visible ABI.
If you want to export new information you'll have to do it using the
facility that is extensible, and that's the netlink based socket dumping
facility implemented in inet_diag.c, tcp_diag.c and friends.
There, you can simply add a new netlink attribute that gets dumped with
the entry, which will provide the security context.
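The extensibility point made in the reply above, as an added example that is not part of the original message or of the kernel's inet_diag code: a reader that walks type-length-value attributes keeps working when a new attribute is added, because it skips types it does not ask for by their length. The header layout mirrors a netlink attribute header; the type numbers, helper names and sample security context are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for a netlink attribute header: total length, then type. */
struct attr_hdr { uint16_t len, type; };
#define ATTR_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)
enum { ATTR_UID = 1, ATTR_SECCTX = 2 };   /* hypothetical type numbers */

/* Append header + payload into a zeroed buffer, padded to 4 bytes; returns new offset. */
static size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *data, uint16_t dlen) {
    struct attr_hdr h = { (uint16_t)(sizeof h + dlen), type };
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, data, dlen);
    return off + ATTR_ALIGN(h.len);
}

/* Payload of the first attribute of type `want`, or NULL if absent or malformed. */
static const uint8_t *find_attr(const uint8_t *buf, size_t len, uint16_t want, size_t *plen) {
    size_t off = 0;
    while (off + sizeof(struct attr_hdr) <= len) {
        struct attr_hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || h.len > len - off) return NULL;  /* never read past the buffer */
        if (h.type == want) {
            *plen = h.len - sizeof h;
            return buf + off + sizeof h;
        }
        off += ATTR_ALIGN(h.len);     /* any other type, known or not, is skipped by length */
    }
    return NULL;
}

/* A reader written before ATTR_SECCTX existed: it asks only for the uid. */
static long read_uid(const uint8_t *buf, size_t len) {
    size_t n; uint32_t uid;
    const uint8_t *p = find_attr(buf, len, ATTR_UID, &n);
    if (!p || n != sizeof uid) return -1;
    memcpy(&uid, p, sizeof uid);
    return (long)uid;
}

int main(void) {
    uint8_t msg[64] = {0};
    uint32_t uid = 1000;
    const char *ctx = "system_u:system_r:sshd_t:s0";   /* constructed sample label */
    /* The new attribute is placed first, so the old reader has to step over it. */
    size_t len = put_attr(msg, 0, ATTR_SECCTX, ctx, (uint16_t)(strlen(ctx) + 1));
    len = put_attr(msg, len, ATTR_UID, &uid, sizeof uid);
    printf("old reader still sees uid=%ld\n", read_uid(msg, len));
}
```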