On Wed, Nov 9, 2022 at 8:03 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 11/9/2022 3:34 PM, Paul Moore wrote:
> > On Tue, Oct 25, 2022 at 2:47 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> >> Add an integer member "features" to the struct lsm_id which
> >> identifies the API related data associated with each security
> >> module. The initial set of features maps to information that
> >> has traditionaly been available in /proc/self/attr.
> >>
> >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> >> ---
> >> include/linux/lsm_hooks.h | 1 +
> >> include/uapi/linux/lsm.h | 14 ++++++++++++++
> >> security/apparmor/lsm.c | 1 +
> >> security/selinux/hooks.c | 2 ++
> >> security/smack/smack_lsm.c | 1 +
> >> 5 files changed, 19 insertions(+)
> > Everything Greg already said with one additional comment below.
> >
> >> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> >> index dd4b4d95a172..46b2aa6a677e 100644
> >> --- a/include/linux/lsm_hooks.h
> >> +++ b/include/linux/lsm_hooks.h
> >> @@ -1608,6 +1608,7 @@ struct security_hook_heads {
> >> struct lsm_id {
> >> const char *lsm; /* Name of the LSM */
> >> int id; /* LSM ID */
> >> + int features; /* Set of LSM features */
> > I understand why you called the field "features", but I worry it is a
> > bit too generic for 32-bits of flags. Let's make it specific to the
> > LSM label attributes; how about 'feat_attr', 'sup_attr', or something
> > along those lines?
>
> How about 'attrs_used'? I'm open to anything except 'late_for_dinner' :)
Works for me. It's also worth noting that this struct isn't part of
the UAPI so if we need to change it in the future we can.
--
paul-moore.com
