On 7/27/2020 9:12 AM, Stephen Smalley wrote:
> On Fri, Jul 24, 2020 at 4:35 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> When more than one security module is exporting data to
>> audit and networking sub-systems a single 32 bit integer
>> is no longer sufficient to represent the data. Add a
>> structure to be used instead.
>>
>> The lsmblob structure is currently an array of
>> u32 "secids". There is an entry for each of the
>> security modules built into the system that would
>> use secids if active. The system assigns the module
>> a "slot" when it registers hooks. If modules are
>> compiled in but not registered there will be unused
>> slots.
>>
>> A new lsm_id structure, which contains the name
>> of the LSM and its slot number, is created. There
>> is an instance for each LSM, which assigns the name
>> and passes it to the infrastructure to set the slot.
>>
>> The audit rules data is expanded to use an array of
>> security module data rather than a single instance.
>> Because IMA uses the audit rule functions it is
>> affected as well.
>>
>> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>> Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>
>> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> With CONFIG_BPF_LSM=y:

Thanks. I am surprised that this config option isn't under security.
No problem, an easy fix.

>
> security/bpf/hooks.c: In function ‘bpf_lsm_init’:
> security/bpf/hooks.c:18:63: error: passing argument 3 of
> ‘security_add_hooks’ from incompatible pointer type
> [-Werror=incompatible-pointer-types]
> 18 | security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf");
> | ^~~~~
> | |
> | char *
> In file included from security/bpf/hooks.c:6:
> ./include/linux/lsm_hooks.h:1592:26: note: expected ‘struct lsm_id *’
> but argument is of type ‘char *’
> 1592 | struct lsm_id *lsmid);
> | ~~~~~~~~~~~~~~~^~~~~
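
The slot scheme described in the quoted commit message, as an added example that is not part of this message or of the patch: a userspace C model in which registration takes a pointer to an id structure (the type the compiler diagnostic above asks for) and writes the assigned slot back into it. Every identifier (`model_*`, `MODEL_SLOTS`, `SLOT_UNSET`) and the sample secids are assumptions made for illustration, not the kernel's definitions.

```c
/* Userspace model of the slot scheme in the quoted commit message. Every
 * name here is hypothetical; none of this is the kernel's own definition. */
#include <stdint.h>
#include <stdio.h>
#define MODEL_SLOTS 3     /* assumed: three secid-using LSMs built in */
#define SLOT_UNSET  (-1)  /* assumed sentinel: not registered yet */

struct model_lsm_id {     /* name of the LSM and its slot number */
    const char *name;
    int slot;
};
struct model_lsmblob { uint32_t secid[MODEL_SLOTS]; }; /* one secid per slot */
static int next_slot;     /* next free slot, advanced at registration */

/* Registration takes the id structure rather than a bare string so the
 * infrastructure can write the slot back. Returns the slot or -1. */
static int model_add_hooks(struct model_lsm_id *id)
{
    if (id == NULL || id->name == NULL)
        return -1;
    if (id->slot == SLOT_UNSET) {
        if (next_slot >= MODEL_SLOTS)
            return -1;    /* more registrations than slots */
        id->slot = next_slot++;
    }
    return id->slot;
}

/* A module writes only its own slot; an unregistered one is refused. */
static int model_set_secid(struct model_lsmblob *blob,
                           const struct model_lsm_id *id, uint32_t secid)
{
    if (id == NULL || id->slot < 0 || id->slot >= MODEL_SLOTS)
        return -1;
    blob->secid[id->slot] = secid;
    return 0;
}

int main(void)
{
    struct model_lsm_id a = { "lsm_a", SLOT_UNSET }, b = { "lsm_b", SLOT_UNSET };
    struct model_lsmblob blob = { { 0 } };  /* slot 2 stays unused */
    if (model_add_hooks(&a) < 0 || model_add_hooks(&b) < 0)
        return 1;
    model_set_secid(&blob, &a, 11);         /* constructed sample secids */
    model_set_secid(&blob, &b, 22);
    for (int i = 0; i < MODEL_SLOTS; i++)
        printf("slot %d: secid %u\n", i, (unsigned)blob.secid[i]);
    return 0;
}
```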