On Friday, October 09, 2015 04:17:17 PM Stephen Smalley wrote:
> On 10/09/2015 11:39 AM, Paul Moore wrote:
> > On Friday, October 09, 2015 11:05:58 AM Stephen Smalley wrote:
> >> On 10/07/2015 07:08 PM, Paul Moore wrote:
> >>> +static int selinux_kdbus_init_inode(struct inode *inode,
> >>> +
On 10/09/2015 11:39 AM, Paul Moore wrote:
On Friday, October 09, 2015 11:05:58 AM Stephen Smalley wrote:
On 10/07/2015 07:08 PM, Paul Moore wrote:
+static int selinux_kdbus_init_inode(struct inode *inode,
+ const struct cred *creds)
+{
+ struct inode_secu
On Friday, October 09, 2015 11:05:58 AM Stephen Smalley wrote:
> On 10/07/2015 07:08 PM, Paul Moore wrote:
> > +static int selinux_kdbus_init_inode(struct inode *inode,
> > + const struct cred *creds)
> > +{
> > + struct inode_security_struct *isec = inode->i_securit
On 10/07/2015 07:08 PM, Paul Moore wrote:
Add the SELinux access control implementation for the new kdbus LSM
hooks using the new kdbus object class and the following permissions:
[NOTE: permissions below are based on kdbus code from Aug 2015]
* kdbus:impersonate
Send a different securi
On Wednesday, October 07, 2015 07:08:48 PM Paul Moore wrote:
> +static int selinux_kdbus_conn_see_notification(const struct cred *creds)
> +{
> + return avc_has_perm(SECINITSID_KERNEL, cred_sid(creds),
> + SECCLASS_KDBUS, KDBUS__SEE_NOTIFICATION, NULL);
> +}
I'm
Add the SELinux access control implementation for the new kdbus LSM
hooks using the new kdbus object class and the following permissions:
[NOTE: permissions below are based on kdbus code from Aug 2015]
* kdbus:impersonate
Send a different security label to kdbus peers.
* kdbus:fakecreds