From patchwork Thu Jan  7 14:34:16 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Samir Bellabes <sam@synack.fr>
X-Patchwork-Id: 42438
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id F20FDB6F04
	for <patchwork-incoming@ozlabs.org>;
	Fri,  8 Jan 2010 01:34:25 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752854Ab0AGOeT (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 7 Jan 2010 09:34:19 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752852Ab0AGOeT
	(ORCPT <rfc822;netdev-outgoing>); Thu, 7 Jan 2010 09:34:19 -0500
Received: from bob75-7-88-160-5-175.fbx.proxad.net ([88.160.5.175]:50996
	"EHLO
	cerbere.dyndns.info" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752532Ab0AGOeS (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 7 Jan 2010 09:34:18 -0500
Received: by cerbere.dyndns.info (Postfix, from userid 501)
	id 411FB83D7; Thu,  7 Jan 2010 15:34:16 +0100 (CET)
From: Samir Bellabes <sam@synack.fr>
To: Patrick McHardy <kaber@trash.net>
Cc: linux-security-module@vger.kernel.org, jamal <hadi@cyberus.ca>,
	Evgeniy Polyakov <zbr@ioremap.net>,
	Neil Horman <nhorman@tuxdriver.com>, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org
Subject: Re: [RFC 4/9] snet: introduce snet_core.c and snet.h
References: <1262437456-24476-1-git-send-email-sam@synack.fr>
	<1262437456-24476-5-git-send-email-sam@synack.fr>
	<4B41FE9D.2070708@trash.net>
Date: Thu, 07 Jan 2010 15:34:16 +0100
In-Reply-To: <4B41FE9D.2070708@trash.net> (Patrick McHardy's message of "Mon,
	04 Jan 2010 15:43:41 +0100")
Message-ID: <m2ocl6m1av.fsf@ssh.synack.fr>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Patrick McHardy <kaber@trash.net> writes:

>> +unsigned int event_hash_size = 16;
>> +module_param(event_hash_size, uint, 0600);
>> +MODULE_PARM_DESC(event_hash_size, "Set the size of the event hash table");
>> +
>> +unsigned int verdict_hash_size = 16;
>> +module_param(verdict_hash_size, uint, 0600);
>> +MODULE_PARM_DESC(verdict_hash_size, "Set the size of the verdict hash table");
>
> I can't see anything handling size changes after initialization,
> so there should probably use 0400.

right, here is a patch

thanks Patrick,
sam

commit af9c2157ecb130c1d08bcbeb121e4f50b3e40ab0
Author: Samir Bellabes <sam@synack.fr>
Date:   Tue Jan 5 17:58:42 2010 +0100

    snet: fixing permission of snet module's parameters
    
    the values of parameters are not changing after initialisation.
    So permissions should be 0400
    
    Noticed by Patrick McHardy <kaber@trash.net>
    
    Signed-off-by: Samir Bellabes <sam@synack.fr>
---
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/security/snet/snet_core.c b/security/snet/snet_core.c
index 6e2befc..bf55758 100644
--- a/security/snet/snet_core.c
+++ b/security/snet/snet_core.c
@@ -10,11 +10,11 @@
 #include "snet_utils.h"
 
 unsigned int snet_evh_size = 16;
-module_param(snet_evh_size, uint, 0600);
+module_param(snet_evh_size, uint, 0400);
 MODULE_PARM_DESC(snet_evh_size, "Set the size of the event hash table");
 
 unsigned int snet_vdh_size = 16;
-module_param(snet_vdh_size, uint, 0600);
+module_param(snet_vdh_size, uint, 0400);
 MODULE_PARM_DESC(snet_vdh_size, "Set the size of the verdict hash table");
 
 unsigned int snet_verdict_delay = 5;
@@ -22,7 +22,7 @@ module_param(snet_verdict_delay, uint, 0600);
 MODULE_PARM_DESC(snet_verdict_delay, "Set the timeout for verdicts in secs");
 
 unsigned int snet_verdict_policy = SNET_VERDICT_GRANT;	/* permissive by default */
-module_param(snet_verdict_policy, uint, 0600);
+module_param(snet_verdict_policy, uint, 0400);
 MODULE_PARM_DESC(snet_verdict_policy, "Set the default verdict");
 
 #ifdef CONFIG_SECURITY_SNET_DEBUG