Date: Tue, 28 Feb 2017 16:15:02 -0500
From: Paul Moore <paul@...l-moore.com>
To: selinux@...ho.nsa.gov
Cc: linux-security-module@...r.kernel.org, kernel-hardening@...ts.openwall.com, 
	Stephen Smalley <sds@...ho.nsa.gov>, James Morris <jmorris@...ei.org>
Subject: Re: [RFC PATCH 4/4] selinux: constify nlmsg permission tables

On Mon, Feb 13, 2017 at 7:19 PM, Paul Moore <paul@...l-moore.com> wrote:
> On Mon, Feb 13, 2017 at 12:35 AM, James Morris <jmorris@...ei.org> wrote:
>> Constify nlmsg permission tables, which are initialized once
>> and then do not change.
>>
>> Signed-off-by: James Morris <james.l.morris@...cle.com>
>> ---
>>  security/selinux/nlmsgtab.c |   10 +++++-----
>>  1 files changed, 5 insertions(+), 5 deletions(-)
>
> The SELinux list should have been CC'd on this patch - come on James,
> you know better ;)
>
> Normally I push patches this close to the merge window out until after
> the merge window, but this is trivial and easily verified by the
> compiler so I've merged this.
>
> James, if you want to grab it for v4.11 you can pull from the tree below:
>
> git://git.infradead.org/users/pcmoore/selinux stable-4.11

It doesn't appear that James picked this up for v4.11 so I've moved it
from the selinux/stable-4.11 branch to the selinux/next branch.  We'll
get it upstream during the next merge window.

>> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
>> index 2ca9cde..57e2596 100644
>> --- a/security/selinux/nlmsgtab.c
>> +++ b/security/selinux/nlmsgtab.c
>> @@ -28,7 +28,7 @@ struct nlmsg_perm {
>>         u32     perm;
>>  };
>>
>> -static struct nlmsg_perm nlmsg_route_perms[] =
>> +static const struct nlmsg_perm nlmsg_route_perms[] =
>>  {
>>         { RTM_NEWLINK,          NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>>         { RTM_DELLINK,          NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
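Review bot: The commit message gives no reason for the const on nlmsg_route_perms[] and the tables in the following hunks; "initialized once and then do not change" describes the data but not the benefit. Consider adding a sentence saying that the qualifier lets the compiler place these message-type to permission mappings in read-only data, so a stray write at runtime cannot change which permission a netlink message type such as RTM_NEWLINK is mapped to.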
>> @@ -80,7 +80,7 @@ struct nlmsg_perm {
>>         { RTM_GETSTATS,         NETLINK_ROUTE_SOCKET__NLMSG_READ  },
>>  };
>>
>> -static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
>> +static const struct nlmsg_perm nlmsg_tcpdiag_perms[] =
>>  {
>>         { TCPDIAG_GETSOCK,      NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
>>         { DCCPDIAG_GETSOCK,     NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
>> @@ -88,7 +88,7 @@ struct nlmsg_perm {
>>         { SOCK_DESTROY,         NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE },
>>  };
>>
>> -static struct nlmsg_perm nlmsg_xfrm_perms[] =
>> +static const struct nlmsg_perm nlmsg_xfrm_perms[] =
>>  {
>>         { XFRM_MSG_NEWSA,       NETLINK_XFRM_SOCKET__NLMSG_WRITE },
>>         { XFRM_MSG_DELSA,       NETLINK_XFRM_SOCKET__NLMSG_WRITE },
>> @@ -115,7 +115,7 @@ struct nlmsg_perm {
>>         { XFRM_MSG_MAPPING,     NETLINK_XFRM_SOCKET__NLMSG_READ  },
>>  };
>>
>> -static struct nlmsg_perm nlmsg_audit_perms[] =
>> +static const struct nlmsg_perm nlmsg_audit_perms[] =
>>  {
>>         { AUDIT_GET,            NETLINK_AUDIT_SOCKET__NLMSG_READ     },
>>         { AUDIT_SET,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
>> @@ -136,7 +136,7 @@ struct nlmsg_perm {
>>  };
>>
>>
>> -static int nlmsg_perm(u16 nlmsg_type, u32 *perm, struct nlmsg_perm *tab, size_t tabsize)
>> +static int nlmsg_perm(u16 nlmsg_type, u32 *perm, const struct nlmsg_perm *tab, size_t tabsize)
>>  {
>>         int i, err = -EINVAL;
>>
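Review bot: The nlmsg_perm() prototype line runs well past 80 columns once the const is added; wrap the parameter list, for example by breaking before "const struct nlmsg_perm *tab, size_t tabsize)". Separately, in the context lines "i" is declared int while "tabsize" is size_t, so any comparison between the two would mix signedness; declaring "i" as an unsigned type in a follow-up would avoid that.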

-- 
paul moore
www.paul-moore.com
