Re: [PATCH] python/semanage/seobject.py: Fix undefined store check

2018-05-04 Thread Petr Lautrbach
On Fri, May 04, 2018 at 01:58:08PM -0400, Stephen Smalley wrote: > On 05/04/2018 07:51 AM, Petr Lautrbach wrote: > > From: Vit Mojzis > > > > self.store is always a string (actual store name or "") because of > > semanageRecords.__init__. Fix check for not defined store. > >

Re: [PATCH v2 0/4] Introduce LSM-hook for socketpair(2)

2018-05-04 Thread James Morris
On Fri, 4 May 2018, David Herrmann wrote: > Hi > > This is v2 of the socketpair(2) LSM hook introduction. Thanks, all applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general -- James Morris

Re: [PATCH] python/semanage/seobject.py: Fix undefined store check

2018-05-04 Thread Stephen Smalley
On 05/04/2018 07:51 AM, Petr Lautrbach wrote: > From: Vit Mojzis > > self.store is always a string (actual store name or "") because of > semanageRecords.__init__. Fix check for not defined store. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1559174#c3 > >

Re: [PATCH v2 2/4] net: hook socketpair() into LSM

2018-05-04 Thread David Miller
From: David Herrmann Date: Fri, 4 May 2018 16:28:20 +0200 > Use the newly created LSM-hook for socketpair(). The default hook > return-value is 0, so behavior stays the same unless LSMs start using > this hook. > > Acked-by: Serge Hallyn >

[PATCH] python/semanage/seobject.py: Fix undefined store check

2018-05-04 Thread Petr Lautrbach
From: Vit Mojzis self.store is always a string (actual store name or "") because of semanageRecords.__init__. Fix check for not defined store. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1559174#c3 Signed-off-by: Vit Mojzis ---

[PATCH v2 3/4] selinux: provide socketpair callback

2018-05-04 Thread David Herrmann
Make sure to implement the new socketpair callback so the SO_PEERSEC call on socketpair(2)s will return correct information. Acked-by: Serge Hallyn Acked-by: Stephen Smalley Signed-off-by: Tom Gundersen Signed-off-by: David Herrmann

[PATCH v2 0/4] Introduce LSM-hook for socketpair(2)

2018-05-04 Thread David Herrmann
Hi This is v2 of the socketpair(2) LSM hook introduction. Changes since v1 are: - Added ACKs from previous series. - Moved the hook into generic socketpair(2) handling. The hook is now called security_socket_socketpair(), just like the other hooks on the socket layer. There is

[PATCH v2 2/4] net: hook socketpair() into LSM

2018-05-04 Thread David Herrmann
Use the newly created LSM-hook for socketpair(). The default hook return-value is 0, so behavior stays the same unless LSMs start using this hook. Acked-by: Serge Hallyn Signed-off-by: Tom Gundersen Signed-off-by: David Herrmann ---

[PATCH v2 4/4] smack: provide socketpair callback

2018-05-04 Thread David Herrmann
From: Tom Gundersen Make sure to implement the new socketpair callback so the SO_PEERSEC call on socketpair(2)s will return correct information. Signed-off-by: Tom Gundersen Signed-off-by: David Herrmann --- security/smack/smack_lsm.c | 22

[PATCH v2 1/4] security: add hook for socketpair()

2018-05-04 Thread David Herrmann
Right now the LSM labels for socketpairs are always uninitialized, since there is no security hook for the socketpair() syscall. This patch adds the required hooks so LSMs can properly label socketpairs. This allows SO_PEERSEC to return useful information on those sockets. Note that the behavior

Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2)

2018-05-04 Thread David Herrmann
Hey On Wed, Apr 25, 2018 at 9:02 PM, James Morris wrote: > On Wed, 25 Apr 2018, Paul Moore wrote: > >> On Wed, Apr 25, 2018 at 2:44 PM, James Morris wrote: >> > On Mon, 23 Apr 2018, David Herrmann wrote: >> >> This patch series tries to close this gap and

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Dominick Grift
On Fri, May 04, 2018 at 09:36:12AM -0400, Stephen Smalley wrote: > On 05/04/2018 09:26 AM, Dominick Grift wrote: > > On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote: > >> On 05/04/2018 03:55 AM, Jason Zaman wrote: > >>> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Jason Zaman
On Fri, May 04, 2018 at 09:36:12AM -0400, Stephen Smalley wrote: > On 05/04/2018 09:26 AM, Dominick Grift wrote: > > On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote: > >> On 05/04/2018 03:55 AM, Jason Zaman wrote: > >>> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Petr Lautrbach
On Fri, May 04, 2018 at 03:16:43PM +0200, Dominick Grift wrote: > On Fri, May 04, 2018 at 09:09:20AM -0400, Stephen Smalley wrote: > > On 05/04/2018 08:19 AM, Dominick Grift wrote: > > > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: > > >> Hi, > > >> > > >> If you have

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Stephen Smalley
On 05/04/2018 09:26 AM, Dominick Grift wrote: > On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote: >> On 05/04/2018 03:55 AM, Jason Zaman wrote: >>> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: Hi, If you have encountered any unreported problems

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Dominick Grift
On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote: > On 05/04/2018 03:55 AM, Jason Zaman wrote: > > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: > >> Hi, > >> > >> If you have encountered any unreported problems with the 2.8-rcX releases > >> or have any > >>

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Dominick Grift
On Fri, May 04, 2018 at 09:09:20AM -0400, Stephen Smalley wrote: > On 05/04/2018 08:19 AM, Dominick Grift wrote: > > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: > >> Hi, > >> > >> If you have encountered any unreported problems with the 2.8-rcX releases > >> or have any > >>

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Stephen Smalley
On 05/04/2018 08:19 AM, Dominick Grift wrote: > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: >> Hi, >> >> If you have encountered any unreported problems with the 2.8-rcX releases or >> have any >> pending patches you believe should be included in the 2.8 release, please >>

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Stephen Smalley
On 05/04/2018 03:55 AM, Jason Zaman wrote: > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: >> Hi, >> >> If you have encountered any unreported problems with the 2.8-rcX releases or >> have any >> pending patches you believe should be included in the 2.8 release, please >> post

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Dominick Grift
On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: > Hi, > > If you have encountered any unreported problems with the 2.8-rcX releases or > have any > pending patches you believe should be included in the 2.8 release, please > post them soon. > Also, let us know of any additions

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Jason Zaman
On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: > Hi, > > If you have encountered any unreported problems with the 2.8-rcX releases or > have any > pending patches you believe should be included in the 2.8 release, please > post them soon. the rc2 release has been fine for me