Re: [PATCH v2 00/25] LSM: Module stacking for AppArmor

On Tue, Jun 18, 2019 at 04:05:26PM -0700, Casey Schaufler wrote:
> Patches 0004-0014 replace system use of a "secid" with
> a structure "lsmblob" containing information from the
> security modules to be held and reused later. At this
> point lsmblob contains an array of u32 secids, one "slot"
> for each of the security modules compiled into the
> kernel that used secids. A "slot" is allocated when
> a security module registers a hook for one of the interfaces
> that uses a secid or a security context. The infrastructure
> is changed to use the slot number to pass the correct
> secid to or from the security module hooks.

I found 14/25 in your git tree. Very satisfying to see all the
scaffolding vanish for process_measurement() :)

I like this progression in 4-14; I find it much, much easier to review.
My only complaint is the variable names. I think I'd prefer "blob" over
"le" or "l", which both contain very little information about what
they are.

-- 
Kees Cook
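
The slot scheme described in the quoted cover letter, as an added userspace C model that is not part of this email or of the kernel patches. Apart from `lsmblob`, every name, the slot limit and the sample secid values are assumptions made for illustration.

```c
/* Userspace model. Only "lsmblob" is from the thread; other names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define MAX_SLOTS 4   /* assumed bound on secid-using modules */
#define NO_SLOT (-1)
struct lsmblob { uint32_t secid[MAX_SLOTS]; };
struct module { int slot; uint32_t (*getsecid)(void); /* NULL: no secid use */ };
static struct module *slot_owner[MAX_SLOTS];
static int next_slot;

/* A slot is allocated only when the module registers a secid-using hook.
 * Returns the slot, or NO_SLOT (no such hook, or no slot left to give). */
int register_module(struct module *m)
{
    m->slot = NO_SLOT;
    if (m->getsecid && next_slot < MAX_SLOTS) {
        m->slot = next_slot;
        slot_owner[next_slot++] = m;
    }
    return m->slot;
}

/* Infrastructure: each module's hook fills only its own slot. */
void blob_fill(struct lsmblob *blob)
{
    for (int i = 0; i < MAX_SLOTS; i++)
        blob->secid[i] = i < next_slot ? slot_owner[i]->getsecid() : 0;
}

/* Infrastructure: give a module the secid from its own slot (0 = none, assumed). */
uint32_t blob_get(const struct lsmblob *blob, const struct module *m)
{
    return m->slot == NO_SLOT ? 0 : blob->secid[m->slot];
}

/* Constructed sample modules: two use secids, one does not. */
static uint32_t secid_a(void) { return 1001; }
static uint32_t secid_b(void) { return 7; }
struct module mod_a = { NO_SLOT, secid_a }, mod_none = { NO_SLOT, NULL },
              mod_b = { NO_SLOT, secid_b };

int main(void)
{
    struct lsmblob blob;
    register_module(&mod_a); register_module(&mod_none); register_module(&mod_b);
    blob_fill(&blob);
    printf("mod_b: slot %d, secid %u\n", mod_b.slot, (unsigned)blob_get(&blob, &mod_b));
    return 0;
}
```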


