kernel-ark/include/asm-x86_64
Catherine Zhang 877ce7c1b3 [AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.

Patch purpose:

This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket.  The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.

Patch design and implementation:

The design and implementation is very similar to the UDP case for INET
sockets.  Basically we build upon the existing Unix domain socket API for
retrieving user credentials.  Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message).  To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt.  Then the application
retrieves the security context using the auxiliary data mechanism.

An example server application for Unix datagram socket should look like this:

toggle = 1;
toggle_len = sizeof(toggle);

setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
    cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
    if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
        cmsg_hdr->cmsg_level == SOL_SOCKET &&
        cmsg_hdr->cmsg_type == SCM_SECURITY) {
        memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
    }
}

sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.

Testing:

We have tested the patch by setting up Unix datagram client and server
applications.  We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.

Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29 16:58:06 -07:00
..
8253pit.h
a.out.h
acpi.h Revert "[PATCH] x86_64: Only do the clustered systems have unsynchronized TSC assumption on IBM systems" 2006-02-27 20:41:56 -08:00
agp.h
alternative.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
apic.h [PATCH] x86_64: Add cpu_relax to apic_wait_icr_idle 2006-06-26 10:48:21 -07:00
apicdef.h x86_64: Remove stale lapic definition from apicdef.h 2006-04-01 22:50:03 -05:00
atomic.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
auxvec.h
bitops.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
boot.h
bootsetup.h
bug.h
bugs.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
byteorder.h
cache.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
cacheflush.h [PATCH] x86/x86_64: mark rodata section read-only: x86-64 support 2006-01-06 08:33:36 -08:00
calgary.h [PATCH] x86_64: Calgary IOMMU - Calgary specific bits 2006-06-26 10:48:19 -07:00
calling.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
checksum.h
compat.h [PATCH] amd64: task_pt_regs() 2006-01-12 09:08:51 -08:00
cpu.h
cpufeature.h [PATCH] x86_64: i386/x86-64 Add nmi watchdog support for new Intel CPUs 2006-06-26 10:48:22 -07:00
cputime.h
current.h
debugreg.h
delay.h
desc.h [PATCH] x86_64: Align and pad x86_64 GDT on page boundary 2006-01-11 19:04:53 -08:00
div64.h
dma-mapping.h [PATCH] x86_64: Calgary IOMMU - move valid_dma_direction into the callers 2006-06-26 10:48:18 -07:00
dma.h [PATCH] x86_64: Remove long obsolete CVS 2006-06-26 10:48:16 -07:00
dmi.h [PATCH] x86_64: Implement early DMI scanning 2006-03-25 09:10:55 -08:00
dwarf2.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
e820.h [PATCH] x86_64: Avoid EBDA area in early boot allocator 2006-05-08 09:34:56 -07:00
edac.h [PATCH] EDAC: core EDAC support code 2006-01-18 19:20:31 -08:00
elf.h [PATCH] x86_64: Fix stack/mmap randomization for compat tasks 2006-05-30 20:31:05 -07:00
emergency-restart.h
errno.h
fcntl.h
fixmap.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
floppy.h [PATCH] random: remove SA_SAMPLE_RANDOM from floppy driver 2006-06-25 10:01:00 -07:00
fpu32.h
futex.h [PATCH] lightweight robust futexes updates 2006-03-27 08:44:49 -08:00
genapic.h
hardirq.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
hpet.h [PATCH] x86_64: Rename oem_force_hpet_timer to apic_is_clustered_box 2006-06-26 10:48:19 -07:00
hw_irq.h [PATCH] genirq: add ->retrigger() irq op to consolidate hw_irq_resend() 2006-06-29 10:26:23 -07:00
i387.h [PATCH] i386/x86-64: Fix x87 information leak between processes 2006-04-20 07:58:11 -07:00
ia32_unistd.h [PATCH] x86_64: Remove most of ia32_unistd.h 2006-06-26 10:48:15 -07:00
ia32.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ide.h
idle.h [PATCH] x86_64: Add idle notifiers 2006-01-11 19:04:55 -08:00
intel_arch_perfmon.h [PATCH] x86_64: i386/x86-64 Add nmi watchdog support for new Intel CPUs 2006-06-26 10:48:22 -07:00
io_apic.h Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-05-24 09:22:21 +01:00
io.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ioctl.h [PATCH] Generic ioctl.h 2006-01-10 08:01:34 -08:00
ioctls.h
ipcbuf.h
ipi.h [PATCH] x86_64: Remove useless KDB vector 2006-01-11 19:05:00 -08:00
irq.h [PATCH] x86_64: Increase NR_IRQ_VECTORS to 32 * NR_CPUS 2006-01-16 11:27:59 -08:00
k8.h [PATCH] x86_64: Clean and enhance up K8 northbridge access code 2006-06-26 10:48:15 -07:00
kdebug.h [PATCH] Notify page fault call chain for x86_64 2006-06-26 09:58:22 -07:00
kexec.h [PATCH] Compilation of kexec/kdump broken 2006-02-03 08:32:09 -08:00
kmap_types.h
kprobes.h [PATCH] Notify page fault call chain 2006-06-26 09:58:22 -07:00
ldt.h
linkage.h
local.h [PATCH] x86_64: Fix race in cpu_local_* on preemptible kernels 2006-06-26 10:48:21 -07:00
mach_apic.h
mc146818rtc.h
mce.h [PATCH] x86_64: mce_amd support for family 0x10 processors 2006-06-26 10:48:20 -07:00
mman.h [PATCH] add asm-generic/mman.h 2006-02-15 15:32:22 -08:00
mmsegment.h
mmu_context.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
mmu.h
mmx.h
mmzone.h [PATCH] Delete unused definitions of kvaddr_to_nid 2006-06-23 07:42:52 -07:00
module.h
mpspec.h Pull pnpacpi into acpica branch 2006-01-07 03:50:18 -05:00
msgbuf.h
msi.h [PATCH] PCI: cleanup unused variable about msi driver 2006-06-21 12:00:00 -07:00
msr.h [PATCH] Fix x86_64/msr.h interface to agree with i386/msr.h 2005-11-20 11:52:59 -08:00
mtrr.h Move inclusion of <linux/compat.h> out of user scope in asm-x86_64/mtrr.h 2006-05-21 22:51:13 +01:00
mutex.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
namei.h
nmi.h [PATCH] x86_64: nmi watchdog header cleanup 2006-06-26 10:48:16 -07:00
node.h
numa.h [PATCH] Unify pxm_to_node() and node_to_pxm() 2006-06-23 07:42:48 -07:00
page.h Exclude asm-generic/{page,memory_model}.h from user bits of i386/x86_64 page.h 2006-04-27 15:48:08 +01:00
param.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
parport.h
pci-direct.h
pci.h [PATCH] x86_64: Calgary IOMMU - Calgary specific bits 2006-06-26 10:48:19 -07:00
pda.h [PATCH] x86_64: Reorder one field of the PDA to reduce padding 2006-03-25 09:10:56 -08:00
percpu.h [PATCH] Define __raw_get_cpu_var and use it 2006-06-25 10:01:01 -07:00
pgalloc.h [PATCH] x86_64: actively synchronize vmalloc area when registering certain callbacks 2006-03-25 09:10:53 -08:00
pgtable.h [PATCH] x86_64: Get rid of pud_offset_k / __pud_offset_k 2006-06-26 10:48:18 -07:00
poll.h [PATCH] POLLRDHUP/EPOLLRDHUP handling for half-closed devices notifications 2006-03-25 08:22:56 -08:00
posix_types.h
prctl.h
processor.h [PATCH] x86_64: moving phys_proc_id and cpu_core_id to cpuinfo_x86 2006-06-26 10:48:19 -07:00
proto.h [PATCH] x86_64: Calgary IOMMU - IOMMU abstractions 2006-06-26 10:48:18 -07:00
ptrace.h
resource.h
rtc.h
rwlock.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
scatterlist.h
seccomp.h
sections.h
segment.h [PATCH] x86_64: Remove unused segments 2006-01-11 19:05:01 -08:00
semaphore.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
sembuf.h
serial.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
setup.h
shmbuf.h
shmparam.h
sigcontext32.h
sigcontext.h
siginfo.h
signal.h
smp.h [PATCH] x86_64: moving phys_proc_id and cpu_core_id to cpuinfo_x86 2006-06-26 10:48:19 -07:00
socket.h [AF_UNIX]: Datagram getpeersec 2006-06-29 16:58:06 -07:00
sockios.h
sparsemem.h
spinlock_types.h
spinlock.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
stat.h
statfs.h
string.h [PATCH] x86_64: Use __always_inline for __inline_memcpy 2006-06-26 10:48:14 -07:00
suspend.h [PATCH] x86_64: eliminate set_debug() 2006-03-25 09:10:52 -08:00
swiotlb.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
system.h [PATCH] x86_64: x86_64 version of the smp alternative patch. 2006-06-26 10:48:14 -07:00
tce.h [PATCH] x86_64: Calgary IOMMU - Calgary specific bits 2006-06-26 10:48:19 -07:00
termbits.h
termios.h
thread_info.h [PATCH] x86_64: x86_64 stack usage debugging 2006-06-26 10:48:22 -07:00
timex.h [PATCH] x86_64: fix sync before RDTSC on Intel cpus 2006-04-11 06:38:57 -07:00
tlb.h
tlbflush.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
topology.h [PATCH] sched: mc/smt power savings sched policy 2006-06-27 17:32:45 -07:00
types.h
uaccess.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ucontext.h
unaligned.h
unistd.h [PATCH] sys_move_pages: x86_64 support 2006-06-23 07:42:53 -07:00
unwind.h [PATCH] i386/x86-64: fall back to old-style call trace if no unwinding 2006-06-26 10:48:18 -07:00
user32.h
user.h
vga.h [PATCH] vgacon: make VGA_MAP_MEM take size, remove extra use 2006-06-22 15:05:58 -07:00
vsyscall32.h
vsyscall.h [PATCH] x86_64: sparse warning cleanups 2006-01-11 19:05:02 -08:00
xor.h