SELinux: define permissions for DCB netlink messages
Commit 2f90b86 added two new netlink message types to the netlink route
socket.  SELinux has hooks to define if netlink messages are allowed to
be sent or received, but it did not know about these two new message
types.  By default we allow such actions so no one likely noticed.  This
patch adds the proper definitions and thus proper permissions
enforcement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris committed Dec 16, 2010
1 parent 73ff5fc commit 350e4f3
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions security/selinux/nlmsgtab.c
Expand Up @@ -65,6 +65,8 @@ static struct nlmsg_perm nlmsg_route_perms[] =
{ RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
{ RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
{ RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_GETDCB, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_SETDCB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
};

static struct nlmsg_perm nlmsg_firewall_perms[] =
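
Review bot: at the end of nlmsg_route_perms[], after the new RTM_GETDCB and RTM_SETDCB entries, nothing ties the table to the set of RTM_* message types, so the next type added to the route socket will again go unchecked under the allow-by-default behaviour the commit message describes. Consider a build-time assertion against RTM_MAX next to the table (for example a BUILD_BUG_ON on its expected value), so that a new message type breaks the build until it gets an entry here. The READ/WRITE mapping itself is consistent with the GET versus NEW/DEL ADDRLABEL entries directly above.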