diff options
| author | Mickaël Salaün <mic@digikod.net> | 2026-06-12 20:27:55 +0300 |
|---|---|---|
| committer | Mickaël Salaün <mic@digikod.net> | 2026-06-14 00:14:56 +0300 |
| commit | d936e1a9170f9cadaa5f37586b1dfe6f20f98799 (patch) | |
| tree | f419e48cb51eec638d0f56894197cdaf1f51cf39 /include/linux/timerqueue.h | |
| parent | d8dfb4c7faa87c3e41a8678f38f136c2c7c036fa (diff) | |
| download | linux-d936e1a9170f9cadaa5f37586b1dfe6f20f98799.tar.xz | |
landlock: Set audit_net.sk for socket access checks
Set audit_net.sk in current_check_access_socket() to provide the socket
object to audit_log_lsm_data(). This makes Landlock consistent with
AppArmor, which always sets .sk for socket operations, and with
SELinux's generic socket permission checks.
The socket's local and foreign address information (laddr, lport, faddr,
fport) is logged by the shared lsm_audit.c infrastructure when the
socket has bound or connected state. Fields with zero values are
suppressed by print_ipv4_addr()/print_ipv6_addr(), so the audit output
is unchanged for the common case of bind denials on unbound sockets.
For connect denials after a prior bind, the bound local address (laddr,
lport) appears before the existing sockaddr fields (daddr, dest).
No existing fields are removed or reordered, and the new field names
(laddr, lport, faddr, fport) are standard audit fields already emitted
by other LSMs through the same lsm_audit.c code path.
Add a connect_tcp_bound audit test that binds to an allowed port and
then connects to a denied one, verifying that the denial record reports
laddr/lport from the bound socket in addition to the connect
destination.
Cc: Günther Noack <gnoack@google.com>
Cc: Tingmao Wang <m@maowtm.org>
Cc: stable@vger.kernel.org
Fixes: 9f74411a40ce ("landlock: Log TCP bind and connect denials")
Link: https://patch.msgid.link/20260612172757.1003481-1-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'include/linux/timerqueue.h')
0 files changed, 0 insertions, 0 deletions