Thanks Stephen, your patch is good! I tested it with the merge of my
branch and LSM/dev-staging.
The new Landlock changes (tested in -next for a few weeks) add a new
call to security_add_hooks() which gets a new signature with commit
9b09f11320db ("LSM: Identify modules by more than name") from
the LSM/dev-staging branch [1].
I plan to send a PR with my branch in the next merge window (for
v6.7-rc1).
We should squash Stephen's patch in commit 9b09f11320db ("LSM:
Identify modules by more than name") but it would not be possible
without my branch. I see two solutions:
* keep Stephen's patch in -next only, or
* rebase LSM/dev-staging on my branch now, and rebase it later on
v6.7-rc1 once my branch is merged (which is the workflow described in
[1]).
Paul, what do you think?
[1] https://lore.kernel.org/r/CAHC9VhS1wwgH6NNd+cJz4MYogPiRV8NyPDd1yj5SpaxeUB4UVg@xxxxxxxxxxxxxx
On Fri, Oct 27, 2023 at 04:34:00PM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the landlock tree, today's linux-next build (powerpc
> ppc64_defconfig) failed like this:
>
> In file included from security/landlock/net.c:14:
> security/landlock/net.c: In function 'landlock_add_net_hooks':
> security/landlock/common.h:12:23: error: passing argument 3 of 'security_add_hooks' from incompatible pointer type [-Werror=incompatible-pointer-types]
> 12 | #define LANDLOCK_NAME "landlock"
> | ^~~~~~~~~~
> | |
> | char *
> security/landlock/net.c:199:28: note: in expansion of macro 'LANDLOCK_NAME'
> 199 | LANDLOCK_NAME);
> | ^~~~~~~~~~~~~
> In file included from security/landlock/setup.h:12,
> from security/landlock/cred.h:17,
> from security/landlock/net.c:15:
> include/linux/lsm_hooks.h:120:53: note: expected 'const struct lsm_id *' but argument is of type 'char *'
> 120 | const struct lsm_id *lsmid);
> | ~~~~~~~~~~~~~~~~~~~~~^~~~~
>
> Caused by commit
>
> fff69fb03dde ("landlock: Support network rules with TCP bind and connect")
>
> interacting with commit
>
> 9b09f11320db ("LSM: Identify modules by more than name")
>
> from the security tree.
>
> I have applied the following merge resolution patch.
>
> From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
> Date: Fri, 27 Oct 2023 16:13:32 +1100
> Subject: [PATCH] fixup for "landlock: Support network rules with TCP bind and
> connect"
>
> interacting with "LSM: Identify modules by more than name"
>
> Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
> ---
> security/landlock/net.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/landlock/net.c b/security/landlock/net.c
> index aaa92c2b1f08..efa1b644a4af 100644
> --- a/security/landlock/net.c
> +++ b/security/landlock/net.c
> @@ -196,5 +196,5 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = {
> __init void landlock_add_net_hooks(void)
> {
> security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
> - LANDLOCK_NAME);
> + &landlock_lsmid);
> }
> --
> 2.40.1
>
> --
> Cheers,
> Stephen Rothwell
