author | James Morris <jmorris@intercode.com.au> | 2003-02-06 09:51:56 -0800 |
---|---|---|
committer | James Morris <jmorris@intercode.com.au> | 2003-02-06 09:51:56 -0800 |
commit | d5a9256003294d65d6cd9d162cf29fb852f6569a (patch) | |
tree | d73c28b196643383a056dba95bb99953c538a765 /security | |
parent | 73880d9f50dd54d301c95d8d793404f5bf3e08c6 (diff) | |
[LSM]: Networking netlink socket capability hooks.
Diffstat (limited to 'security')
-rw-r--r-- | security/capability.c | 2 | ||||
-rw-r--r-- | security/dummy.c | 18 |
2 files changed, 20 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index cf6d2440a21d21..221f185ca3809f 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -282,6 +282,8 @@ static struct security_operations capability_ops = {
 .capset_check = cap_capset_check,
 .capset_set = cap_capset_set,
 .capable = cap_capable,
+ .netlink_send = cap_netlink_send,
+ .netlink_recv = cap_netlink_recv,
 .bprm_compute_creds = cap_bprm_compute_creds,
 .bprm_set_security = cap_bprm_set_security,
diff --git a/security/dummy.c b/security/dummy.c
index 46cfb0d00aa688..9b450c740bfa6f 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -597,6 +597,22 @@ static int dummy_sem_semop (struct sem_array *sma,
 return 0;
 }
+static int dummy_netlink_send (struct sk_buff *skb)
+{
+ if (current->euid == 0)
+ cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
+ else
+ NETLINK_CB (skb).eff_cap = 0;
+ return 0;
+}
+
+static int dummy_netlink_recv (struct sk_buff *skb)
+{
+ if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
 #ifdef CONFIG_SECURITY_NETWORK
 static int dummy_unix_stream_connect (struct socket *sock,
 struct socket *other,
@@ -819,6 +835,8 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, sem_associate);
 set_to_dummy_if_null(ops, sem_semctl);
 set_to_dummy_if_null(ops, sem_semop);
+ set_to_dummy_if_null(ops, netlink_send);
+ set_to_dummy_if_null(ops, netlink_recv);
 set_to_dummy_if_null(ops, register_security);
 set_to_dummy_if_null(ops, unregister_security);
 #ifdef CONFIG_SECURITY_NETWORK |
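Review bot: In dummy_netlink_send (security/dummy.c, second hunk) the two branches treat eff_cap differently: the non-root branch assigns `NETLINK_CB (skb).eff_cap = 0`, but the euid 0 branch only ORs CAP_NET_ADMIN in with `cap_raise`, so any bits already present in the skb control block are passed on to the receiver unchanged. Whether that field is cleared before the hook runs is not visible here (the diffstat is limited to 'security'), so I would make the hook self-contained: `NETLINK_CB (skb).eff_cap = 0;` unconditionally, followed by `if (current->euid == 0) cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);`. A short comment above the pair would also help, e.g. `/* send stamps the sender's capability into the skb; recv checks that stamp, not the current task */`, since dummy_netlink_recv returns -EPERM based only on the value recorded at send time.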