git.baikalelectronics.ru Git - kernel.git/commit

author	Paul Moore <paul.moore@hp.com>
	Fri, 28 Aug 2009 22:12:43 +0000 (18:12 -0400)
committer	James Morris <jmorris@namei.org>
	Mon, 31 Aug 2009 22:29:48 +0000 (08:29 +1000)
commit	67307b29500f2b5abb2dcf32f15e292a62d0393d
tree	78a7f734d0721029e4b4c961ca61d35abe9e6dbc	tree \| snapshot
parent	ed8c8209f8c80c7bd27a96f3395f23398534866f	commit \| diff

lsm: Add hooks to the TUN driver

The TUN driver lacks any LSM hooks which makes it difficult for LSM modules,
such as SELinux, to enforce access controls on network traffic generated by
TUN users; this is particularly problematic for virtualization apps such as
QEMU and KVM.  This patch adds three new LSM hooks designed to control the
creation and attachment of TUN devices, the hooks are:

* security_tun_dev_create()
   Provides access control for the creation of new TUN devices

* security_tun_dev_post_create()
   Provides the ability to create the necessary socket LSM state for newly
   created TUN devices

* security_tun_dev_attach()
   Provides access control for attaching to existing, persistent TUN devices
   and the ability to update the TUN device's socket LSM state as necessary

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: James Morris <jmorris@namei.org>

drivers/net/tun.c		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
security/capability.c		diff \| blob \| history
security/security.c		diff \| blob \| history