Re: [PATCH V3 1/2] security: Add a cred_getsecid hook

2017-11-15 Thread Matthew Garrett via Selinux
On Mon, Oct 30, 2017 at 10:03 AM, Stephen Smalley wrote: > On Mon, 2017-10-30 at 10:57 +, Matthew Garrett via Selinux wrote: >> On Thu, Oct 26, 2017 at 3:20 PM, Stephen Smalley >> wrote: >> > On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett via

Re: [PATCH V3 1/2] security: Add a cred_getsecid hook

2017-10-30 Thread Stephen Smalley
On Mon, 2017-10-30 at 10:57 +, Matthew Garrett via Selinux wrote: > On Thu, Oct 26, 2017 at 3:20 PM, Stephen Smalley > wrote: > > On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett via Selinux > > wrote: > > > +static void selinux_cred_getsecid(const struct cred *c, u32 >

Re: [PATCH V3 1/2] security: Add a cred_getsecid hook

2017-10-30 Thread Matthew Garrett via Selinux
On Thu, Oct 26, 2017 at 3:20 PM, Stephen Smalley wrote: > On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett via Selinux wrote: >> +static void selinux_cred_getsecid(const struct cred *c, u32 *secid) >> +{ >> + rcu_read_lock(); >> + *secid = cred_sid(c); >> +

Re: [PATCH V3 1/2] security: Add a cred_getsecid hook

2017-10-30 Thread Matthew Garrett via Selinux
On Thu, Oct 26, 2017 at 2:21 PM, Casey Schaufler wrote: > On 10/26/2017 1:40 AM, Matthew Garrett wrote: >> V3: Fix smack_cred_getsecid() > > Much better. Have you tried this with Smack? I'm afraid not - I have zero expertise with Smack and no easy way to set it up. I can

Re: [PATCH V3 1/2] security: Add a cred_getsecid hook

2017-10-26 Thread Casey Schaufler
On 10/26/2017 1:40 AM, Matthew Garrett wrote: > For IMA purposes, we want to be able to obtain the prepared secid in the > bprm structure before the credentials are committed. Add a cred_getsecid > hook that makes this possible. > > Signed-off-by: Matthew Garrett > Acked-by:

Re: [PATCH V3 1/2] security: Add a cred_getsecid hook

2017-10-26 Thread James Morris
On Thu, 26 Oct 2017, Matthew Garrett wrote: > For IMA purposes, we want to be able to obtain the prepared secid in the > bprm structure before the credentials are committed. Add a cred_getsecid > hook that makes this possible. > > Signed-off-by: Matthew Garrett > Acked-by:

[PATCH V3 1/2] security: Add a cred_getsecid hook

2017-10-26 Thread Matthew Garrett via Selinux
For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible. Signed-off-by: Matthew Garrett Acked-by: Paul Moore Cc: Paul Moore