On 3/3/2021 4:46 PM, Paul Moore wrote:
> On Mon, Feb 22, 2021 at 6:59 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> On 2/20/2021 6:41 AM, Paul Moore wrote:
>>> On Fri, Feb 19, 2021 at 8:49 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>>>> On 2/19/2021 3:28 PM, Paul Moore wrote:
>>>>> As discussed briefly on the list (lore link below), we are a little
>>>>> sloppy when it comes to using task credentials, mixing both the
>>>>> subjective and object credentials. This patch set attempts to fix
>>>>> this by replacing security_task_getsecid() with two new hooks that
>>>>> return either the subjective (_subj) or objective (_obj) credentials.
>>>>>
>>>>> https://lore.kernel.org/linux-security-module/806848326.0ifERbkFSE@x2/T/
>>>>>
>>>>> Casey and John, I made a quick pass through the Smack and AppArmor
>>>>> code in an effort to try and do the right thing, but I will admit
>>>>> that I haven't tested those changes, just the SELinux code. I
>>>>> would really appreciate your help in reviewing those changes. If
>>>>> you find it easier, feel free to wholesale replace my Smack/AppArmor
>>>>> patch with one of your own.
>>>> A quick test pass didn't show up anything obviously
>>>> amiss with the Smack changes. I will do some more
>>>> thorough inspection, but they look fine so far.
>>> Thanks for testing it out and giving it a look. Beyond the Smack
>>> specific changes, I'm also interested in making sure all the hook
>>> callers are correct; I believe I made the correct substitutions, but a
>>> second (or third (or fourth ...)) set of eyes is never a bad idea.
>> I'm still not seeing anything that looks wrong. I'd suggest that Mimi
>> have a look at the IMA bits.
> Assuming you are still good with these changes Casey, any chance I can
> get an ACK on the LSM and Smack patches?

Yes. You can add my:

Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

to both.