At present, a number of the networking files that contain LSM hook calls do not directly include security.h, instead relying on the fact that net/sock.h includes it (due to the hooks in skb_set_owner_w and sock_queue_rcv_skb). I think that this omission was also true of a number of the non-networking files prior to making LSM configurable, since they could formerly rely on the fact that sched.h included security.h, but the non-networking files were fixed when LSM was made configurable. Any objections to fixing the networking files that contain LSM hook calls to always directly include security.h? The two attached patches contain the necessary changes for lsm-2.4 and lsm-2.5. I suppose we might also want to directly include it in net/tcp.h for the open request hook calls in that file; it is also relying on the sock.h include. -- Stephen Smalley, NSA sdsat_private Index: lsm-2.4/net/socket.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/socket.c,v retrieving revision 1.15 diff -u -r1.15 socket.c --- lsm-2.4/net/socket.c 3 Jan 2003 13:31:01 -0000 1.15 +++ lsm-2.4/net/socket.c 23 Jan 2003 16:30:06 -0000 @@ -74,6 +74,7 @@ #include <linux/cache.h> #include <linux/module.h> #include <linux/highmem.h> +#include <linux/security.h> #if defined(CONFIG_KMOD) && defined(CONFIG_NET) #include <linux/kmod.h> Index: lsm-2.4/net/core/datagram.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/core/datagram.c,v retrieving revision 1.4 diff -u -r1.4 datagram.c --- lsm-2.4/net/core/datagram.c 3 Jan 2003 13:31:01 -0000 1.4 +++ lsm-2.4/net/core/datagram.c 23 Jan 2003 16:16:06 -0000 
@@ -37,6 +37,7 @@ #include <linux/rtnetlink.h> #include <linux/poll.h> #include <linux/highmem.h> +#include <linux/security.h> #include <net/protocol.h> #include <linux/skbuff.h> Index: lsm-2.4/net/core/rtnetlink.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/core/rtnetlink.c,v retrieving revision 1.6 diff -u -r1.6 rtnetlink.c --- lsm-2.4/net/core/rtnetlink.c 3 Jan 2003 13:31:01 -0000 1.6 +++ lsm-2.4/net/core/rtnetlink.c 23 Jan 2003 16:16:06 -0000 @@ -34,6 +34,7 @@ #include <linux/capability.h> #include <linux/skbuff.h> #include <linux/init.h> +#include <linux/security.h> #include <asm/uaccess.h> #include <asm/system.h> Index: lsm-2.4/net/core/sock.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/core/sock.c,v retrieving revision 1.3 diff -u -r1.3 sock.c --- lsm-2.4/net/core/sock.c 3 Jan 2003 13:31:03 -0000 1.3 +++ lsm-2.4/net/core/sock.c 23 Jan 2003 16:16:06 -0000 @@ -110,6 +110,7 @@ #include <linux/poll.h> #include <linux/tcp.h> #include <linux/init.h> +#include <linux/security.h> #include <asm/uaccess.h> #include <asm/system.h> Index: lsm-2.4/net/ipv4/ip_gre.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/ip_gre.c,v retrieving revision 1.8 diff -u -r1.8 ip_gre.c --- lsm-2.4/net/ipv4/ip_gre.c 3 Jan 2003 13:31:13 -0000 1.8 +++ lsm-2.4/net/ipv4/ip_gre.c 23 Jan 2003 16:16:06 -0000 @@ -28,6 +28,7 @@ #include <linux/inetdevice.h> #include <linux/igmp.h> #include <linux/netfilter_ipv4.h> +#include <linux/security.h> #include <net/sock.h> #include <net/ip.h> Index: lsm-2.4/net/ipv4/ip_options.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/ip_options.c,v retrieving revision 1.7 diff -u -r1.7 ip_options.c --- lsm-2.4/net/ipv4/ip_options.c 3 Jan 2003 13:31:13 -0000 1.7 +++ lsm-2.4/net/ipv4/ip_options.c 23 Jan 2003 16:16:06 -0000 
@@ -18,6 +18,7 @@ #include <linux/icmp.h> #include <linux/netdevice.h> #include <linux/rtnetlink.h> +#include <linux/security.h> #include <net/sock.h> #include <net/ip.h> #include <net/icmp.h> Index: lsm-2.4/net/ipv4/ip_output.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/ip_output.c,v retrieving revision 1.12 diff -u -r1.12 ip_output.c --- lsm-2.4/net/ipv4/ip_output.c 3 Jan 2003 13:31:13 -0000 1.12 +++ lsm-2.4/net/ipv4/ip_output.c 23 Jan 2003 16:16:06 -0000 @@ -77,6 +77,7 @@ #include <linux/netfilter_ipv4.h> #include <linux/mroute.h> #include <linux/netlink.h> +#include <linux/security.h> /* * Shall we try to damage output packets if routing dev changes? Index: lsm-2.4/net/ipv4/ipip.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/ipip.c,v retrieving revision 1.9 diff -u -r1.9 ipip.c --- lsm-2.4/net/ipv4/ipip.c 3 Jan 2003 13:31:13 -0000 1.9 +++ lsm-2.4/net/ipv4/ipip.c 23 Jan 2003 16:16:06 -0000 @@ -108,6 +108,7 @@ #include <linux/mroute.h> #include <linux/init.h> #include <linux/netfilter_ipv4.h> +#include <linux/security.h> #include <net/sock.h> #include <net/ip.h> Index: lsm-2.4/net/ipv4/ipmr.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/ipmr.c,v retrieving revision 1.8 diff -u -r1.8 ipmr.c --- lsm-2.4/net/ipv4/ipmr.c 3 Jan 2003 13:31:14 -0000 1.8 +++ lsm-2.4/net/ipv4/ipmr.c 23 Jan 2003 16:16:06 -0000 
@@ -60,6 +60,7 @@ #include <linux/netfilter_ipv4.h> #include <net/ipip.h> #include <net/checksum.h> +#include <linux/security.h> #if defined(CONFIG_IP_PIMSM_V1) || defined(CONFIG_IP_PIMSM_V2) #define CONFIG_IP_PIMSM 1 Index: lsm-2.4/net/ipv4/syncookies.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/syncookies.c,v retrieving revision 1.3 diff -u -r1.3 syncookies.c --- lsm-2.4/net/ipv4/syncookies.c 3 Jan 2003 13:31:14 -0000 1.3 +++ lsm-2.4/net/ipv4/syncookies.c 23 Jan 2003 16:16:06 -0000 @@ -17,6 +17,7 @@ #include <linux/tcp.h> #include <linux/slab.h> #include <linux/random.h> +#include <linux/security.h> #include <net/tcp.h> extern int sysctl_tcp_syncookies; Index: lsm-2.4/net/ipv4/tcp_ipv4.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/tcp_ipv4.c,v retrieving revision 1.13 diff -u -r1.13 tcp_ipv4.c --- lsm-2.4/net/ipv4/tcp_ipv4.c 3 Jan 2003 13:31:14 -0000 1.13 +++ lsm-2.4/net/ipv4/tcp_ipv4.c 23 Jan 2003 16:29:46 -0000 @@ -53,6 +53,7 @@ #include <linux/random.h> #include <linux/cache.h> #include <linux/init.h> +#include <linux/security.h> #include <net/icmp.h> #include <net/tcp.h> Index: lsm-2.4/net/ipv4/tcp_minisocks.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/tcp_minisocks.c,v retrieving revision 1.6 diff -u -r1.6 tcp_minisocks.c --- lsm-2.4/net/ipv4/tcp_minisocks.c 3 Jan 2003 13:31:14 -0000 1.6 +++ lsm-2.4/net/ipv4/tcp_minisocks.c 23 Jan 2003 16:16:06 -0000 
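Review bot: In lsm-2.4/net/ipv4/ipmr.c the new `#include <linux/security.h>` is placed after `<net/ipip.h>` and `<net/checksum.h>`, whereas the other hunks in this patch that show both groups (ip_gre.c, ipip.c, ip_queue.c, af_netlink.c) keep it with the `<linux/...>` headers ahead of the `<net/...>` ones. Putting it directly after `#include <linux/netfilter_ipv4.h>` would keep the grouping consistent and make the direct dependency on the LSM hook declarations easier to spot when auditing which files call hooks. The lsm-2.5 ipmr.c hunk has the same placement. The include list begins above the hunk, so only the visible lines can be judged.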
@@ -23,6 +23,7 @@ #include <linux/config.h> #include <linux/mm.h> #include <linux/sysctl.h> +#include <linux/security.h> #include <net/tcp.h> #include <net/inet_common.h> Index: lsm-2.4/net/ipv4/netfilter/ip_queue.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/ipv4/netfilter/ip_queue.c,v retrieving revision 1.9 diff -u -r1.9 ip_queue.c --- lsm-2.4/net/ipv4/netfilter/ip_queue.c 3 Jan 2003 13:31:22 -0000 1.9 +++ lsm-2.4/net/ipv4/netfilter/ip_queue.c 23 Jan 2003 16:16:06 -0000 @@ -26,6 +26,7 @@ #include <linux/brlock.h> #include <linux/sysctl.h> #include <linux/proc_fs.h> +#include <linux/security.h> #include <net/sock.h> #include <net/route.h> Index: lsm-2.4/net/netlink/af_netlink.c =================================================================== RCS file: /home/pal/CVS/lsm-2.4/net/netlink/af_netlink.c,v retrieving revision 1.5 diff -u -r1.5 af_netlink.c --- lsm-2.4/net/netlink/af_netlink.c 3 Jan 2003 13:31:33 -0000 1.5 +++ lsm-2.4/net/netlink/af_netlink.c 23 Jan 2003 16:16:06 -0000 @@ -40,6 +40,7 @@ #include <linux/proc_fs.h> #include <linux/smp_lock.h> #include <linux/notifier.h> +#include <linux/security.h> #include <net/sock.h> #include <net/scm.h> Index: lsm-2.5/net/socket.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/socket.c,v retrieving revision 1.24 diff -u -r1.24 socket.c --- lsm-2.5/net/socket.c 9 Jan 2003 15:02:06 -0000 1.24 +++ lsm-2.5/net/socket.c 23 Jan 2003 15:35:56 -0000 
@@ -77,6 +77,7 @@ #include <linux/highmem.h> #include <linux/divert.h> #include <linux/mount.h> +#include <linux/security.h> #if defined(CONFIG_KMOD) && defined(CONFIG_NET) #include <linux/kmod.h> Index: lsm-2.5/net/core/datagram.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/core/datagram.c,v retrieving revision 1.6 diff -u -r1.6 datagram.c --- lsm-2.5/net/core/datagram.c 4 Dec 2002 21:58:40 -0000 1.6 +++ lsm-2.5/net/core/datagram.c 23 Jan 2003 15:36:11 -0000 @@ -47,6 +47,7 @@ #include <linux/rtnetlink.h> #include <linux/poll.h> #include <linux/highmem.h> +#include <linux/security.h> #include <net/protocol.h> #include <linux/skbuff.h> Index: lsm-2.5/net/core/rtnetlink.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/core/rtnetlink.c,v retrieving revision 1.7 diff -u -r1.7 rtnetlink.c --- lsm-2.5/net/core/rtnetlink.c 17 Jan 2003 15:23:12 -0000 1.7 +++ lsm-2.5/net/core/rtnetlink.c 23 Jan 2003 15:36:29 -0000 @@ -34,6 +34,7 @@ #include <linux/capability.h> #include <linux/skbuff.h> #include <linux/init.h> +#include <linux/security.h> #include <asm/uaccess.h> #include <asm/system.h> Index: lsm-2.5/net/core/sock.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/core/sock.c,v retrieving revision 1.7 diff -u -r1.7 sock.c --- lsm-2.5/net/core/sock.c 4 Dec 2002 21:58:41 -0000 1.7 +++ lsm-2.5/net/core/sock.c 23 Jan 2003 15:36:48 -0000 
@@ -109,6 +109,7 @@ #include <linux/poll.h> #include <linux/tcp.h> #include <linux/init.h> +#include <linux/security.h> #include <asm/uaccess.h> #include <asm/system.h> Index: lsm-2.5/net/ipv4/ip_gre.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_gre.c,v retrieving revision 1.12 diff -u -r1.12 ip_gre.c --- lsm-2.5/net/ipv4/ip_gre.c 4 Dec 2002 21:58:44 -0000 1.12 +++ lsm-2.5/net/ipv4/ip_gre.c 23 Jan 2003 15:37:50 -0000 @@ -28,6 +28,7 @@ #include <linux/inetdevice.h> #include <linux/igmp.h> #include <linux/netfilter_ipv4.h> +#include <linux/security.h> #include <net/sock.h> #include <net/ip.h> Index: lsm-2.5/net/ipv4/ip_options.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_options.c,v retrieving revision 1.5 diff -u -r1.5 ip_options.c --- lsm-2.5/net/ipv4/ip_options.c 4 Dec 2002 21:58:44 -0000 1.5 +++ lsm-2.5/net/ipv4/ip_options.c 23 Jan 2003 15:40:00 -0000 @@ -18,6 +18,7 @@ #include <linux/icmp.h> #include <linux/netdevice.h> #include <linux/rtnetlink.h> +#include <linux/security.h> #include <net/sock.h> #include <net/ip.h> #include <net/icmp.h> Index: lsm-2.5/net/ipv4/ip_output.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_output.c,v retrieving revision 1.16 diff -u -r1.16 ip_output.c --- lsm-2.5/net/ipv4/ip_output.c 13 Jan 2003 17:37:22 -0000 1.16 +++ lsm-2.5/net/ipv4/ip_output.c 23 Jan 2003 15:38:22 -0000 
@@ -81,6 +81,7 @@ #include <linux/netfilter_ipv4.h> #include <linux/mroute.h> #include <linux/netlink.h> +#include <linux/security.h> /* * Shall we try to damage output packets if routing dev changes? Index: lsm-2.5/net/ipv4/ipip.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipip.c,v retrieving revision 1.11 diff -u -r1.11 ipip.c --- lsm-2.5/net/ipv4/ipip.c 4 Dec 2002 21:58:44 -0000 1.11 +++ lsm-2.5/net/ipv4/ipip.c 23 Jan 2003 15:38:36 -0000 @@ -108,6 +108,7 @@ #include <linux/mroute.h> #include <linux/init.h> #include <linux/netfilter_ipv4.h> +#include <linux/security.h> #include <net/sock.h> #include <net/ip.h> Index: lsm-2.5/net/ipv4/ipmr.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipmr.c,v retrieving revision 1.11 diff -u -r1.11 ipmr.c --- lsm-2.5/net/ipv4/ipmr.c 4 Dec 2002 21:58:44 -0000 1.11 +++ lsm-2.5/net/ipv4/ipmr.c 23 Jan 2003 15:38:53 -0000 @@ -60,6 +60,7 @@ #include <linux/netfilter_ipv4.h> #include <net/ipip.h> #include <net/checksum.h> +#include <linux/security.h> #if defined(CONFIG_IP_PIMSM_V1) || defined(CONFIG_IP_PIMSM_V2) #define CONFIG_IP_PIMSM 1 Index: lsm-2.5/net/ipv4/syncookies.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/syncookies.c,v retrieving revision 1.4 diff -u -r1.4 syncookies.c --- lsm-2.5/net/ipv4/syncookies.c 4 Dec 2002 21:58:44 -0000 1.4 +++ lsm-2.5/net/ipv4/syncookies.c 23 Jan 2003 15:40:22 -0000 
@@ -17,6 +17,7 @@ #include <linux/tcp.h> #include <linux/slab.h> #include <linux/random.h> +#include <linux/security.h> #include <net/tcp.h> extern int sysctl_tcp_syncookies; Index: lsm-2.5/net/ipv4/tcp_ipv4.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_ipv4.c,v retrieving revision 1.24 diff -u -r1.24 tcp_ipv4.c --- lsm-2.5/net/ipv4/tcp_ipv4.c 13 Jan 2003 20:48:29 -0000 1.24 +++ lsm-2.5/net/ipv4/tcp_ipv4.c 23 Jan 2003 15:39:26 -0000 @@ -71,6 +71,7 @@ #include <linux/stddef.h> #include <linux/proc_fs.h> #include <linux/seq_file.h> +#include <linux/security.h> extern int sysctl_ip_dynaddr; extern int sysctl_ip_default_ttl; Index: lsm-2.5/net/ipv4/tcp_minisocks.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_minisocks.c,v retrieving revision 1.12 diff -u -r1.12 tcp_minisocks.c --- lsm-2.5/net/ipv4/tcp_minisocks.c 9 Jan 2003 15:02:15 -0000 1.12 +++ lsm-2.5/net/ipv4/tcp_minisocks.c 23 Jan 2003 15:39:43 -0000 @@ -23,6 +23,7 @@ #include <linux/config.h> #include <linux/mm.h> #include <linux/sysctl.h> +#include <linux/security.h> #include <net/tcp.h> #include <net/inet_common.h> #include <net/xfrm.h> Index: lsm-2.5/net/ipv4/netfilter/ip_queue.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/netfilter/ip_queue.c,v retrieving revision 1.7 diff -u -r1.7 ip_queue.c --- lsm-2.5/net/ipv4/netfilter/ip_queue.c 4 Dec 2002 21:58:47 -0000 1.7 +++ lsm-2.5/net/ipv4/netfilter/ip_queue.c 23 Jan 2003 15:40:57 -0000 
@@ -26,6 +26,7 @@ #include <linux/brlock.h> #include <linux/sysctl.h> #include <linux/proc_fs.h> +#include <linux/security.h> #include <net/sock.h> #include <net/route.h> Index: lsm-2.5/net/netlink/af_netlink.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/net/netlink/af_netlink.c,v retrieving revision 1.11 diff -u -r1.11 af_netlink.c --- lsm-2.5/net/netlink/af_netlink.c 10 Dec 2002 14:39:19 -0000 1.11 +++ lsm-2.5/net/netlink/af_netlink.c 23 Jan 2003 15:41:16 -0000 @@ -42,6 +42,7 @@ #include <linux/proc_fs.h> #include <linux/smp_lock.h> #include <linux/notifier.h> +#include <linux/security.h> #include <net/sock.h> #include <net/scm.h> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module