On Mon, Apr 10, 2017 at 9:04 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 4/10/2017 11:27 AM, Djalal Harouni wrote: >> On Mon, Apr 10, 2017 at 5:42 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: >>> On 4/9/2017 3:42 AM, Djalal Harouni wrote: [...] >>>> --- a/security/security.c >>>> +++ b/security/security.c >>>> @@ -70,6 +70,7 @@ int __init security_init(void) >>>> capability_add_hooks(); >>>> yama_add_hooks(); >>>> loadpin_add_hooks(); >>>> + modautorestrict_init(); >>> This should be modautorestrict_add_hooks() if this were >>> a "minor" module, but as it's using a blob it is a "major" >>> module. Either way, this is not right. >> Do you mean that if I'm using a blob, it should go with the rest LSMs >> in do_security_initcalls() ? > > Right. Today you have coincidental non-interference because > no one else is using the task blob. As you're aware, TOMOYO > is going to start using it, and I believe the AppArmor has > plans for it as well. There are parts of the Smack cred blob > that should probably go in the task blob as they aren't used > in access decisions. I haven't looked closely enough, but that's > possible for SELinux, too. So even though it's a new blob, the > major/minor rules apply. > Ok, point taken. Thanks! -- tixxdz -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
