| Message ID | 20230405125308.57821-1-arefev@swemel.ru (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | net: Added security socket | expand |
On Wed, 5 Apr 2023 15:53:08 +0300 Denis Arefev wrote: > Added security_socket_connect > kernel_connect is in kernel space, > but kernel_connect is used in RPC > requests (/net/sunrpc/xprtsock.c), > and the RPC protocol is used by the NFS server. > This is how we protect the TCP connection > initiated by the client. Can you please format this to look like every other commit in the kernel and use imperative mood? Then please add to the description _exactly_ how you're going to use it, i.e. an example of a real rule. And CC linux-security-module@vger.kernel.org
diff --git a/net/socket.c b/net/socket.c index 9c92c0e6c4da..9afa2b44a9e5 100644 --- a/net/socket.c +++ b/net/socket.c @@ -3526,6 +3526,12 @@ EXPORT_SYMBOL(kernel_accept); int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen, int flags) { + int err; + + err = security_socket_connect(sock, (struct sockaddr *)addr, addrlen); + if (err) + return err; + return sock->ops->connect(sock, addr, addrlen, flags); } EXPORT_SYMBOL(kernel_connect);
Added security_socket_connect kernel_connect is in kernel space, but kernel_connect is used in RPC requests (/net/sunrpc/xprtsock.c), and the RPC protocol is used by the NFS server. This is how we protect the TCP connection initiated by the client. Signed-off-by: Denis Arefev <arefev@swemel.ru> --- net/socket.c | 6 ++++++ 1 file changed, 6 insertions(+)