Re: [PATCH 10/17] selinux: Implement the watch_key security hook [ver #5]

From: James Morris
Date: Wed Mar 18 2020 - 15:06:35 EST

Next message: James Morris: "Re: [PATCH 12/17] watch_queue: Add security hooks to rule on setting mount and sb watches [ver #5]"
Previous message: Vladimir Oltean: "Re: [PATCH v5 00/12] NXP DSPI bugfixes and support for LS1028A"
In reply to: David Howells: "[PATCH 10/17] selinux: Implement the watch_key security hook [ver #5]"
Next in thread: David Howells: "[PATCH 11/17] smack: Implement the watch_key and post_notification hooks [ver #5]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 18 Mar 2020, David Howells wrote:

> Implement the watch_key security hook to make sure that a key grants the
> caller View permission in order to set a watch on a key.
>
> For the moment, the watch_devices security hook is left unimplemented as
> it's not obvious what the object should be since the queue is global and
> didn't previously exist.
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>

Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>

Next message: James Morris: "Re: [PATCH 12/17] watch_queue: Add security hooks to rule on setting mount and sb watches [ver #5]"
Previous message: Vladimir Oltean: "Re: [PATCH v5 00/12] NXP DSPI bugfixes and support for LS1028A"
In reply to: David Howells: "[PATCH 10/17] selinux: Implement the watch_key security hook [ver #5]"
Next in thread: David Howells: "[PATCH 11/17] smack: Implement the watch_key and post_notification hooks [ver #5]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]