On 10/10/2024 8:08 PM, Paul Moore wrote:
> On Oct 9, 2024 Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> When more than one security module is exporting data to audit and
>> networking sub-systems a single 32 bit integer is no longer
>> sufficient to represent the data. Add a structure to be used instead.
>>
>> The lsm_prop structure definition is intended to keep the LSM
>> specific information private to the individual security modules.
>> The module specific information is included in a new set of
>> header files under include/lsm. Each security module is allowed
>> to define the information included for its use in the lsm_prop.
>> SELinux includes a u32 secid. Smack includes a pointer into its
>> global label list. The conditional compilation based on feature
>> inclusion is contained in the include/lsm files.
>>
>> Suggested-by: Paul Moore <paul@xxxxxxxxxxxxxx>
>> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
>> Cc: apparmor@xxxxxxxxxxxxxxxx
>> Cc: bpf@xxxxxxxxxxxxxxx
>> Cc: selinux@xxxxxxxxxxxxxxx
>> Cc: linux-security-module@xxxxxxxxxxxxxxx
>> ---
>>  include/linux/lsm/apparmor.h | 17 +++++++++++++++++
>>  include/linux/lsm/bpf.h      | 16 ++++++++++++++++
>>  include/linux/lsm/selinux.h  | 16 ++++++++++++++++
>>  include/linux/lsm/smack.h    | 17 +++++++++++++++++
>>  include/linux/security.h     | 20 ++++++++++++++++++++
>>  5 files changed, 86 insertions(+)
>>  create mode 100644 include/linux/lsm/apparmor.h
>>  create mode 100644 include/linux/lsm/bpf.h
>>  create mode 100644 include/linux/lsm/selinux.h
>>  create mode 100644 include/linux/lsm/smack.h
> Looks good to me, thanks for the lsm_prop rename. As a FYI, I did add
> a line to the MAINTAINERS entry for include/linux/lsm/.

Thank you.

>
> --
> paul-moore.com
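
The layout the commit message describes, as an added user-space sketch that is not code from the patch (its hunks are not shown in this message): each module contributes its own member behind its own feature switch, and a consumer such as audit carries the whole structure without interpreting it. Every name except `lsm_prop` is hypothetical, including the `DEMO_*` switches that stand in for kernel config options.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed build-time switches; the real headers key off kernel config options. */
#define DEMO_SELINUX 1
#define DEMO_SMACK   1

/* Stand-in for one entry in Smack's global label list (hypothetical type). */
struct demo_smack_label { const char *name; };

/* Per-module parts: SELinux keeps a u32 secid, Smack keeps a label pointer. */
#if DEMO_SELINUX
struct demo_prop_selinux { uint32_t secid; };
#endif
#if DEMO_SMACK
struct demo_prop_smack { const struct demo_smack_label *label; };
#endif

/* The aggregate passed around instead of a single 32 bit value. */
struct lsm_prop {
#if DEMO_SELINUX
	struct demo_prop_selinux selinux;
#endif
#if DEMO_SMACK
	struct demo_prop_smack smack;
#endif
};

/* Only the owning module reads or writes its own member. */
static uint32_t demo_selinux_secid(const struct lsm_prop *p) { return p->selinux.secid; }
static const char *demo_smack_name(const struct lsm_prop *p)
{
	return p->smack.label ? p->smack.label->name : NULL;
}

/* A consumer (audit, networking) stores the structure opaquely. */
struct demo_audit_record { struct lsm_prop subj; };

static struct demo_audit_record demo_audit_capture(uint32_t secid,
						   const struct demo_smack_label *l)
{
	struct demo_audit_record r;

	memset(&r, 0, sizeof(r));
	r.subj.selinux.secid = secid;	/* filled by the SELinux side */
	r.subj.smack.label = l;		/* filled by the Smack side */
	return r;
}

int main(void)
{
	static const struct demo_smack_label l = { "constructed_label" };
	struct demo_audit_record r = demo_audit_capture(42u, &l);

	return (demo_selinux_secid(&r.subj) == 42u && demo_smack_name(&r.subj) == l.name) ? 0 : 1;
}
```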