Re: [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK) interface. (v3)

From: Samir Bellabes
Date: Thu Dec 24 2009 - 00:10:43 EST

Next message: Paul Mundt: "Re: [RFC][PATCH 0/14] Convert remaining arches to read/update_persistent_clock"
Previous message: Len Brown: "Re: linux-next: manual merge of the acpi tree with Linus' tree"
Next in thread: Michael Stone: "Re: [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK)interface. (v3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael Stone <michael@xxxxxxxxxx> writes:

> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index f2f842d..0c65c55 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -1402,6 +1402,8 @@ struct task_struct {
> unsigned int sessionid;
> #endif
> seccomp_t seccomp;
> +/* Flags for limiting networking via prctl(PR_SET_NETWORK). */
> + unsigned long network;
>
> /* Thread group tracking */
> u32 parent_exec_id;

I think this is unnecessary, as LSM module, you should use the
void* security member of the structure cred.

this member allows you to mark task_struct as you which, it's a kind of
abstraction provided to all security modules.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Mundt: "Re: [RFC][PATCH 0/14] Convert remaining arches to read/update_persistent_clock"
Previous message: Len Brown: "Re: linux-next: manual merge of the acpi tree with Linus' tree"
Next in thread: Michael Stone: "Re: [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK)interface. (v3)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]