Message ID | 1428511002-22329-3-git-send-email-nicolas.dichtel@6wind.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
On Wed, Apr 8, 2015 at 12:36 PM, Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: > This new command is missing. > > Fixes: 9a9634545c70 ("netns: notify netns id events") > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> > --- > security/selinux/nlmsgtab.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c > index 91228a730801..c8cee0766b60 100644 > --- a/security/selinux/nlmsgtab.c > +++ b/security/selinux/nlmsgtab.c > @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] = > { RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, > { RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ }, > { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, > + { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, > { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, > }; Can you elaborate a bit on the RTM_DELNSID type? Based only on the name I wonder if it should be treated as a "write" and not a "read" operation.
On 09/04/2015 13:10, Paul Moore wrote: [snip] >> --- a/security/selinux/nlmsgtab.c >> +++ b/security/selinux/nlmsgtab.c >> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] = >> { RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, >> { RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ }, >> { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, >> + { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, >> { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, >> }; > > Can you elaborate a bit on the RTM_DELNSID type? Based only on the > name I wonder if it should be treated as a "write" and not a "read" > operation. The user is not allowed to delete a nsid (no method is implemented). This RTM_DELNSID is only used for notifications.
On Thu, Apr 9, 2015 at 9:10 AM, Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote: > On 09/04/2015 13:10, Paul Moore wrote: > [snip] >>> >>> --- a/security/selinux/nlmsgtab.c >>> +++ b/security/selinux/nlmsgtab.c >>> @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] = >>> { RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, >>> { RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ }, >>> { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, >>> + { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, >>> { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, >>> }; >> >> >> Can you elaborate a bit on the RTM_DELNSID type? Based only on the >> name I wonder if it should be treated as a "write" and not a "read" >> operation. > > The user is not allowed to delete a nsid (no method is implemented). This > RTM_DELNSID is only used for notifications. Okay, thanks for clearing that up.
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 91228a730801..c8cee0766b60 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -74,6 +74,7 @@ static struct nlmsg_perm nlmsg_route_perms[] = { RTM_DELMDB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, { RTM_GETMDB, NETLINK_ROUTE_SOCKET__NLMSG_READ }, { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, + { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }, };
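Review bot: the added `{ RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ }` entry maps a DEL message to the read permission with no stated reason, while the `RTM_DELMDB` entry two lines above it in the same table is `NETLINK_ROUTE_SOCKET__NLMSG_WRITE`. The rationale appears only in the thread (RTM_DELNSID is used for notifications and no user-initiated delete method is implemented), and the commit message says only "This new command is missing." Please record that reasoning in the commit message or in a short comment next to the entry, so the READ mapping is not later mistaken for a typo and so it gets revisited if a user-facing delete path for nsids is ever added.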
This new command is missing. Fixes: 9a9634545c70 ("netns: notify netns id events") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> --- security/selinux/nlmsgtab.c | 1 + 1 file changed, 1 insertion(+)