On Fri, 2018-05-18 at 07:58 -0700, Casey Schaufler wrote: > On 5/18/2018 4:30 AM, Mimi Zohar wrote: > > Having to define a separate LSM hook for each of the original, non > > kernel_read_file(), buffer based method callers, kind of makes sense, > > as the callers themselves are specific, but is it really necessary? > > Could we define a new, generic LSM hook named > > security_kernel_buffer_data() for this purpose? > > If there are two disparate behaviors wrapped into kernel_read_file() > Eric (bless him) is right. It should be broken into two hooks. I think > that if we look (too) carefully we'll find other places where hooks > should get broken up, or combined*. My question is just how important > is it that this gets changed? Other than the LSM call in copy_module_from_user(), this patch set is adding the LSM call in kexec_load() and firmware_fallback_sysfs(). Eric, the question remains whether we need distinct LSM hooks in each of these places or can we have a single, generic LSM hook named security_kernel_buffer_data()? Mimi