GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-06-27 17:11:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[NETLINK]: Encapsulate eff_cap usage within security framework.

Browse source 
This patch encapsulates the usage of eff_cap (in netlink_skb_params) within
the security framework by extending security_netlink_recv to include a required
capability parameter and converting all direct usage of eff_caps outside
of the lsm modules to use the interface.  It also updates the SELinux
implementation of the security_netlink_send and security_netlink_recv
hooks to take advantage of the sid in the netlink_skb_params struct.
This also enables SELinux to perform auditing of netlink capability checks.
Please apply, for 2.6.18 if possible.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by:  James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Darrel Goeddel 2006-06-27 13:26:11 -07:00 committed by David S. Miller
parent 576a30eb64
commit c7bdb545d2
12 changed files with 35 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

2
net/decnet/netfilter/dn_rtmsg.c
View file

@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
return;
if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
if (security_netlink_recv(skb, CAP_NET_ADMIN))
RCV_SKB_FAIL(-EPERM);
/* Eventually we might send routing messages too */