Squash to "security: SELinux/LSM label with MPTCP and accept "

[PATCH mptcp-next 1/2] Squash to "security, lsm: Introduce security_mptcp_add_subflow()"
Posted by Matthieu Baerts 2 years, 9 months ago
Apply Paul's comments from [1].

For the commit message:

  > Let's introduce a new LSM hook to allow the security module to relabel
  > the subflow according to the owing process.

  "... according to the main MPTCP socket."

  You might also want to stick with a consistent capitalization of
  "MPTCP" in the commit description, but that is being *really* nitpicky
  on my part ;)

  There is a suggestion for some additional comments in the hook's
  description below, but otherwise this looks good to me.

And for security/security.c:

  > + * Update the labeling for the given MPTCP subflow, to match the one of the
  > + * owning MPTCP socket.

  I would add a sentence at the end making it clear that this hook is
  called after the socket has been created and initialized via the
  security_socket_create() and security_socket_post_create() LSM hooks.

Link: https://lore.kernel.org/mptcp/CAHC9VhQsbSO5o+hVT-Tae-HyWMTjh2ffqQvz+pQQXkrMty7NYQ@mail.gmail.com/ [1]
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
---

Notes:
    to be squashed in "security, lsm: Introduce security_mptcp_add_subflow()"

 .topmsg             | 15 +++++++++++----
 security/security.c |  4 +++-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/.topmsg b/.topmsg
index f3241d814f47..cfd5349a3238 100644
--- a/.topmsg
+++ b/.topmsg
@@ -2,18 +2,25 @@ From: Paolo Abeni <pabeni@redhat.com>
 Subject: [PATCH] security, lsm: Introduce security_mptcp_add_subflow()
 
 MPTCP can create subflows in kernel context, and later indirectly
-expose them to user-space, via the owning mptcp socket.
+expose them to user-space, via the owning MPTCP socket.
 
 As discussed in the reported link, the above causes unexpected failures
 for server, MPTCP-enabled applications.
 
 Let's introduce a new LSM hook to allow the security module to relabel
-the subflow according to the owing process.
+the subflow according to the owning user-space process, via the MPTCP
+socket owning the subflow.
 
-Note that the new hook requires both the mptcp socket and the new
+Note that the new hook requires both the MPTCP socket and the new
 subflow. This could allow future extensions, e.g. explicitly validating
-the mptcp <-> subflow linkage.
+the MPTCP <-> subflow linkage.
 
 Link: https://lore.kernel.org/mptcp/CAHC9VhTNh-YwiyTds=P1e3rixEDqbRTFj22bpya=+qJqfcaMfg@mail.gmail.com/
 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+---
+v2:
+ - Address Paul's comments:
+   - clarification around "the owning process" in the commit message
+   - making it clear the hook has to be called after the sk init part
+   - consistent capitalization of "MPTCP"
diff --git a/security/security.c b/security/security.c
index 1e99200ed0c9..d1d72a95e445 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2500,7 +2500,9 @@ EXPORT_SYMBOL(security_sctp_assoc_established);
  * @ssk: the new subflow
  *
  * Update the labeling for the given MPTCP subflow, to match the one of the
- * owning MPTCP socket.
+ * owning MPTCP socket. This hook has to be called after the socket creation and
+ * initialization via the security_socket_create() and
+ * security_socket_post_create() LSM hooks.
  *
  * Return: Returns 0 on success or a negative error code on failure.
  */

base-commit: fba46e506c37047424ec7f331564dc502098cd15
-- 
2.39.2
[PATCH mptcp-next 1/2] Squash to "security, lsm: Introduce security_mptcp_add_subflow()"
[PATCH mptcp-next 2/2] Squash to "selinux: Implement mptcp_add_subflow hook"