On 27/09/2022 21:53, Casey Schaufler wrote:
When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead.

The lsmblob structure is currently an array of u32 "secids". There is an entry for each of the security modules built into the system that would use secids if active. The system assigns the module a "slot" when it registers hooks. If modules are compiled in but not registered there will be unused slots. The slot number is added to the lsm_id structure.

The audit rules data is expanded to use an array of security module data rather than a single instance. A new structure audit_lsm_rules is defined to avoid the confusion which commonly accompanies the use of void ** parameters.

Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
---
[...]
diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 1242c61c9de4..adbe941370f3 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -27,6 +27,7 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = { struct lsm_id landlock_lsmid __lsm_ro_after_init = { .lsm = LANDLOCK_NAME, .id = LSM_ID_LANDLOCK, + .slot = LSMBLOB_NOT_NEEDED,
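Review bot: The new `.slot = LSMBLOB_NOT_NEEDED,` initializer in landlock_lsmid depends on a sentinel whose meaning is not explained anywhere in the visible lines. The commit message says slots are assigned at hook registration to modules that would use secids, so the slot field in struct lsm_id should carry a comment stating that a module which exports no secid must set LSMBLOB_NOT_NEEDED explicitly. That matters because a designated initializer that omits `.slot` leaves it at 0, and if 0 is also a valid slot index, a module that forgets the field would be indistinguishable from the legitimate owner of slot 0. Please also say what the registration code does when it sees an lsm_id whose slot was never set.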
Please only use one space after ".slot"