From: Roopa Prabhu <roopa@cumulusnetworks•com>
To: Paul Moore <paul@paul-moore•com>
Cc: nicolas.dichtel@6wind•com, netdev@vger•kernel.org,
jhs@mojatatu•com, davem@davemloft•net, tgraf@suug•ch,
Stephen Smalley <sds@tycho•nsa.gov>,
Eric Paris <eparis@parisplace•org>
Subject: Re: [PATCH net-next v5] rtnetlink: add new RTM_GETSTATS message to dump link stats
Date: Tue, 19 Apr 2016 13:40:52 -0700 [thread overview]
Message-ID: <571697D4.5090404@cumulusnetworks.com> (raw)
In-Reply-To: <CAHC9VhRjjWk9drwY5Db2Zwu1CHw+dxtkMKR6Ovw3pzuHBvieVQ@mail.gmail.com>
On 4/19/16, 12:55 PM, Paul Moore wrote:
> On Tue, Apr 19, 2016 at 4:26 AM, Nicolas Dichtel
> <nicolas.dichtel@6wind•com> wrote:
>> + selinux maintainers
>>
>> Le 18/04/2016 23:10, Roopa Prabhu a écrit :
>> [snip]
>>> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
>>> index 8495b93..1714633 100644
>>> --- a/security/selinux/nlmsgtab.c
>>> +++ b/security/selinux/nlmsgtab.c
>>> @@ -76,6 +76,8 @@ static struct nlmsg_perm nlmsg_route_perms[] =
>>> { RTM_NEWNSID, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>>> { RTM_DELNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>>> { RTM_GETNSID, NETLINK_ROUTE_SOCKET__NLMSG_READ },
>>> + { RTM_NEWSTATS, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
>> I would say it's NETLINK_ROUTE_SOCKET__NLMSG_READ, not WRITE. This command
>> is only sent by the kernel, not by the userland.
> From what I could tell from the patch description, it looks like
> RTM_NEWSTATS only dumps stats to userspace and doesn't alter the state
> of the kernel, is that correct? If so, then yes, NLMSG__READ is the
> right SELinux permission. However, if RTM_NEWSTATS does alter the
> state/configuration of the kernel then we should use NLMSG__WRITE.
>
okay, will change it to READ in the next version,
thanks.
prev parent reply other threads:[~2016-04-19 20:40 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-18 21:10 [PATCH net-next v5] rtnetlink: add new RTM_GETSTATS message to dump link stats Roopa Prabhu
2016-04-18 21:35 ` Eric Dumazet
2016-04-19 0:57 ` David Miller
2016-04-19 1:48 ` David Miller
2016-04-19 2:22 ` Eric Dumazet
2016-04-19 2:40 ` Roopa Prabhu
2016-04-19 3:49 ` David Miller
2016-04-19 3:52 ` David Miller
2016-04-19 10:09 ` Johannes Berg
2016-04-19 10:48 ` Emmanuel Grumbach
2016-04-19 18:23 ` David Miller
2016-04-19 19:41 ` Johannes Berg
2016-04-20 1:53 ` David Ahern
2016-04-20 7:32 ` Johannes Berg
2016-04-20 12:48 ` Jiri Benc
2016-04-20 13:17 ` Johannes Berg
2016-04-20 13:34 ` Jiri Benc
2016-04-20 20:13 ` Johannes Berg
2016-04-19 2:30 ` roopa
2016-04-19 3:41 ` David Miller
2016-04-19 4:17 ` Eric Dumazet
2016-04-19 4:32 ` Eric Dumazet
2016-04-19 5:03 ` David Miller
2016-04-19 18:31 ` David Miller
2016-04-19 18:45 ` Eric Dumazet
2016-04-19 18:47 ` Eric Dumazet
2016-04-19 19:08 ` Nicolas Dichtel
2016-04-19 23:50 ` David Miller
2016-04-20 3:54 ` Roopa Prabhu
2016-04-20 8:57 ` [PATCH net-next 0/4] libnl: enhance API to ease 64bit alignment for attribute Nicolas Dichtel
2016-04-20 8:57 ` [PATCH net-next 1/4] netlink: fix test alignment in nla_align_64bit() Nicolas Dichtel
2016-04-20 9:33 ` Eric Dumazet
2016-04-20 9:44 ` Nicolas Dichtel
2016-04-20 9:57 ` Eric Dumazet
2016-04-20 10:14 ` Nicolas Dichtel
2016-04-20 14:31 ` [PATCH net-next] net: fix HAVE_EFFICIENT_UNALIGNED_ACCESS typos Eric Dumazet
2016-04-20 15:03 ` David Miller
2016-04-20 8:57 ` [PATCH net-next 2/4] libnl: add more helpers to align attribute on 64-bit Nicolas Dichtel
2016-04-20 8:57 ` [PATCH net-next 3/4] ipmr: align RTA_MFC_STATS " Nicolas Dichtel
2016-04-20 8:57 ` [PATCH net-next 4/4] ip6mr: " Nicolas Dichtel
2016-04-21 16:58 ` [PATCH net-next v2 0/4] libnl: enhance API to ease 64bit alignment for attribute Nicolas Dichtel
2016-04-21 16:58 ` [PATCH net-next v2 1/4] libnl: add more helpers to align attributes on 64-bit Nicolas Dichtel
2016-04-21 16:58 ` [PATCH net-next v2 2/4] rtnl: use the new API to align IFLA_STATS* Nicolas Dichtel
2016-04-21 16:58 ` [PATCH net-next v2 3/4] ipmr: align RTA_MFC_STATS on 64-bit Nicolas Dichtel
2016-04-21 16:58 ` [PATCH net-next v2 4/4] ip6mr: " Nicolas Dichtel
2016-04-21 18:28 ` [PATCH net-next v2 0/4] libnl: enhance API to ease 64bit alignment for attribute David Miller
2016-04-21 22:00 ` Nicolas Dichtel
2016-04-22 5:31 ` David Miller
2016-04-19 19:05 ` [PATCH net-next v5] rtnetlink: add new RTM_GETSTATS message to dump link stats Roopa Prabhu
2016-04-19 22:49 ` David Miller
2016-04-20 3:53 ` Roopa Prabhu
2016-04-19 4:43 ` Roopa Prabhu
2016-04-19 7:45 ` Nicolas Dichtel
2016-04-19 16:00 ` David Miller
2016-04-19 8:26 ` Nicolas Dichtel
2016-04-19 19:55 ` Paul Moore
2016-04-19 20:40 ` Roopa Prabhu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=571697D4.5090404@cumulusnetworks.com \
--to=roopa@cumulusnetworks$(echo .)com \
--cc=davem@davemloft$(echo .)net \
--cc=eparis@parisplace$(echo .)org \
--cc=jhs@mojatatu$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=nicolas.dichtel@6wind$(echo .)com \
--cc=paul@paul-moore$(echo .)com \
--cc=sds@tycho$(echo .)nsa.gov \
--cc=tgraf@suug$(echo .)ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox