lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 26 Apr 2019 20:21:02 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Johannes Berg <johannes@...solutions.net>
Cc:     netdev@...r.kernel.org, David Ahern <dsa@...ulusnetworks.com>,
        Johannes Berg <johannes.berg@...el.com>
Subject: Re: [PATCH 6/6] netlink: add infrastructure to expose policies to
 userspace

On Fri, Apr 26, 2019 at 02:13:06PM +0200, Johannes Berg wrote:
> diff --git a/include/uapi/linux/genetlink.h b/include/uapi/linux/genetlink.h
> index 877f7fa95466..9c0636ec2286 100644
> --- a/include/uapi/linux/genetlink.h
> +++ b/include/uapi/linux/genetlink.h
> @@ -48,6 +48,7 @@ enum {
>  	CTRL_CMD_NEWMCAST_GRP,
>  	CTRL_CMD_DELMCAST_GRP,
>  	CTRL_CMD_GETMCAST_GRP, /* unused */
> +	CTRL_CMD_GETPOLICY,

It would be good to single entry point to request descriptions, ie.
have a NETLINK_DESC family for this. Thus, we could use the same
program to pull for policy/command descriptions without updating an
array that includes the command to get the policy _for each
subsystem_.

The program to inquire for policy/command descriptions would be very
much the same along time, no need for updates to include new command
type for each subsystem.

It would just spin over NETLINK_DESC discovering subsystems ID that we
support.

In genetlink, I understand this can be exception if you prefer so, ie.
I'll be fine with this CTRL_CMD_GETPOLICY if that makes it look nicer
in terms of integration with the existing infrastructure. But for
other netlink subsystems, NETLINK_DESC allows you to pull the
description for genetlink itself, not the internal subsystems.

Powered by blists - more mailing lists