On Wed, Aug 26, 2020 at 11:05 AM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > Change the security_kernel_act_as interface to use a lsmblob > structure in place of the single u32 secid in support of > module stacking. Change its only caller, set_security_override, > to do the same. Change that one's only caller, > set_security_override_from_ctx, to call it with the new > parameter type. > > The security module hook is unchanged, still taking a secid. > The infrastructure passes the correct entry from the lsmblob. > lsmblob_init() is used to fill the lsmblob structure, however > this will be removed later in the series when security_secctx_to_secid() > is undated to provide a lsmblob instead of a secid. > > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > Reviewed-by: John Johansen <john.johansen@xxxxxxxxxxxxx> > Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > --- > include/linux/cred.h | 3 ++- > include/linux/security.h | 5 +++-- > kernel/cred.c | 10 ++++++---- > security/security.c | 14 ++++++++++++-- > 4 files changed, 23 insertions(+), 9 deletions(-) Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> -- paul moore www.paul-moore.com
