Prev: [patch] hamradio: avoid null deref
Next: CPU eaten by unknown code
From: Michael Stone on 23 Dec 2009 20:50
Alan,

As you requested, here's a (rough) draft of my patch series which uses the
security_* hooks instead of direct modification of the networking functions.

Have you further suggestions for improvement?

Regards,

Michael

P.S. - The most notable behavioral difference between this patch and the
previous one is that abstract unix sockets are exempted from control in this
patch but are restricted by the previous one. We can revisit this detail in
subsequent patches if this approach seems viable.

Michael Stone (3):
Security: Add prctl(PR_{GET,SET}_NETWORK) interface. (v3)
Security: Implement prctl(PR_SET_NETWORK, PR_NETWORK_OFF) semantics. (v3)
Security: Document prctl(PR_{GET,SET}_NETWORK). (v3)

Documentation/prctl/network.txt | 74 ++++++++++++++++++++++++++
include/linux/prctl.h | 7 +++
include/linux/prctl_network.h | 7 +++
include/linux/sched.h | 2 +
kernel/sys.c | 32 +++++++++++
security/Kconfig | 13 +++++
security/Makefile | 1 +
security/prctl_network.c | 110 +++++++++++++++++++++++++++++++++++++++
8 files changed, 246 insertions(+), 0 deletions(-)
create mode 100644 Documentation/prctl/network.txt
create mode 100644 include/linux/prctl_network.h
create mode 100644 security/prctl_network.c
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [patch] hamradio: avoid null deref
Next: CPU eaten by unknown code