Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAHC9VhRXkU6wajgL2P+FaHf=5R=619wyHwWgfbvZm0JhTUuw5g@mail.gmail.com>
Date: Tue, 28 Feb 2017 16:15:02 -0500
From: Paul Moore <paul@...l-moore.com>
To: selinux@...ho.nsa.gov
Cc: linux-security-module@...r.kernel.org, kernel-hardening@...ts.openwall.com, 
	Stephen Smalley <sds@...ho.nsa.gov>, James Morris <jmorris@...ei.org>
Subject: Re: [RFC PATCH 4/4] selinux: constify nlmsg permission tables

On Mon, Feb 13, 2017 at 7:19 PM, Paul Moore <paul@...l-moore.com> wrote:
> On Mon, Feb 13, 2017 at 12:35 AM, James Morris <jmorris@...ei.org> wrote:
>> Constify nlmsg permission tables, which are initialized once
>> and then do not change.
>>
>> Signed-off-by: James Morris <james.l.morris@...cle.com>
>> ---
>>  security/selinux/nlmsgtab.c |   10 +++++-----
>>  1 files changed, 5 insertions(+), 5 deletions(-)
>
> The SELinux list should have been CC'd on this patch - come on James,
> you know better ;)
>
> Normally I push patches this close to the merge window out until after
> the merge window, but this is trivial and easily verified by the
> compiler so I've merged this.
>
> James, if you want to grab it for v4.11 you can pull from the tree below:
>
> git://git.infradead.org/users/pcmoore/selinux stable-4.11

It doesn't appear that James picked this up for v4.11 so I've moved it
from the selinux/stable-4.11 branch to the selinux/next branch.  We'll
get it upstream during the next merge window.

>> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
>> index 2ca9cde..57e2596 100644
>> --- a/security/selinux/nlmsgtab.c
>> +++ b/security/selinux/nlmsgtab.c
>> @@ -28,7 +28,7 @@ struct nlmsg_perm {
>>         u32     perm;
>>  };
>>
>> -static struct nlmsg_perm nlmsg_route_perms[] =
>> +static const struct nlmsg_perm nlmsg_route_perms[] =
>>  {
>>         { RTM_NEWLINK,          NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>>         { RTM_DELLINK,          NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>> @@ -80,7 +80,7 @@ struct nlmsg_perm {
>>         { RTM_GETSTATS,         NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>  };
>>
>> -static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
>> +static const struct nlmsg_perm nlmsg_tcpdiag_perms[] =
>>  {
>>         { TCPDIAG_GETSOCK,      NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
>>         { DCCPDIAG_GETSOCK,     NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
>> @@ -88,7 +88,7 @@ struct nlmsg_perm {
>>         { SOCK_DESTROY,         NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE },
>>  };
>>
>> -static struct nlmsg_perm nlmsg_xfrm_perms[] =
>> +static const struct nlmsg_perm nlmsg_xfrm_perms[] =
>>  {
>>         { XFRM_MSG_NEWSA,       NETLINK_XFRM_SOCKET__NLMSG_WRITE },
>>         { XFRM_MSG_DELSA,       NETLINK_XFRM_SOCKET__NLMSG_WRITE },
>> @@ -115,7 +115,7 @@ struct nlmsg_perm {
>>         { XFRM_MSG_MAPPING,     NETLINK_XFRM_SOCKET__NLMSG_READ  },
>>  };
>>
>> -static struct nlmsg_perm nlmsg_audit_perms[] =
>> +static const struct nlmsg_perm nlmsg_audit_perms[] =
>>  {
>>         { AUDIT_GET,            NETLINK_AUDIT_SOCKET__NLMSG_READ     },
>>         { AUDIT_SET,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
>> @@ -136,7 +136,7 @@ struct nlmsg_perm {
>>  };
>>
>>
>> -static int nlmsg_perm(u16 nlmsg_type, u32 *perm, struct nlmsg_perm *tab, size_t tabsize)
>> +static int nlmsg_perm(u16 nlmsg_type, u32 *perm, const struct nlmsg_perm *tab, size_t tabsize)
>>  {
>>         int i, err = -EINVAL;
>>

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.