Re: [PATCH v5 2/8] LSM: Maintain a table of LSM attribute data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 11, 2023 at 7:36 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 1/11/2023 1:01 PM, Paul Moore wrote:
> > On Mon, Jan 9, 2023 at 1:07 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> >> As LSMs are registered add their lsm_id pointers to a table.
> >> This will be used later for attribute reporting.
> >>
> >> Determine the number of possible security modules based on
> >> their respective CONFIG options. This allows the number to be
> >> known at build time. This allows data structures and tables
> >> to use the constant.
> >>
> >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> >> ---
> >>  include/linux/security.h |  2 ++
> >>  security/security.c      | 44 +++++++++++++++++++++++++++++++++-------
> >>  2 files changed, 39 insertions(+), 7 deletions(-)

...

> >> diff --git a/security/security.c b/security/security.c
> >> index 07a8fe7f92bf..a590fa98ddd6 100644
> >> --- a/security/security.c
> >> +++ b/security/security.c
> >> @@ -388,7 +408,7 @@ static void __init ordered_lsm_init(void)
> >>         for (lsm = ordered_lsms; *lsm; lsm++)
> >>                 initialize_lsm(*lsm);
> >>
> >> -       kfree(ordered_lsms);
> >> +       init_debug("lsm count            = %d\n", lsm_active_cnt);
> >>  }
> > Given 86ef3c735ec8 ("LSM: Better reporting of actual LSMs at boot"),
> > is this needed?
>
> None of what comes out from lsm.debug is strictly necessary, and
> human or script can parse "initializing lsm=", but sometimes the
> number of LSMs is interesting.

I guess what I was questioning is if printing the @lsm_active_cnt
variable provides any better information that what is already provided
by commit 86ef3c735ec8?  We currently print the enabled/active LSMs
with lsm.debug, printing a count seems a bit redundant to me.

-- 
paul-moore.com



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux