| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhQ54LRD7k_x6tUju2kPVBEHcdgBh46_hBN8btG0vhfy_w@mail.gmail.com> Date: Mon, 26 Jan 2026 17:41:46 -0500 From: Paul Moore <paul@...l-moore.com> To: Steffen Klassert <steffen.klassert@...unet.com> Cc: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, Aviad Yehezkel <aviadye@...lnaox.com>, Aviv Heller <avivh@...lanox.com>, Boris Pismenny <borisp@...lanox.com>, "David S. Miller" <davem@...emloft.net>, Florian Westphal <fw@...len.de>, Guy Shapiro <guysh@...lanox.com>, Ilan Tayari <ilant@...lanox.com>, Kristian Evensen <kristian.evensen@...il.com>, Leon Romanovsky <leon@...nel.org>, Leon Romanovsky <leonro@...dia.com>, Raed Salem <raeds@...lanox.com>, Raed Salem <raeds@...dia.com>, Saeed Mahameed <saeedm@...lanox.com>, Yossi Kuperman <yossiku@...lanox.com>, Network Development <netdev@...r.kernel.org>, linux-security-module <linux-security-module@...r.kernel.org> Subject: Re: [PATCH] xfrm: force flush upon NETDEV_UNREGISTER event On Thu, Jan 22, 2026 at 7:00 AM Steffen Klassert <steffen.klassert@...unet.com> wrote: > On Thu, Jan 22, 2026 at 05:24:22PM +0900, Tetsuo Handa wrote: ... > > Therefore, I wonder what are security_xfrm_state_delete() and security_xfrm_policy_delete() > > for. Can I kill xfrm_dev_state_flush_secctx_check() and xfrm_dev_policy_flush_secctx_check() ? > > This might violate a LSM policy then. Exactly. SELinux is currently the only LSM that enforces any access controls on the XFRM/IPsec code, but it does use both of these LSM hooks to authorize deletion of SPD/SA objects. -- paul-moore.com
Powered by blists - more mailing lists