On 7/19/2024 10:08 AM, Paul Moore wrote:
On Jul 11, 2024 Xu Kuohai <xukuohai@xxxxxxxxxxxxxxx> wrote:
To be consistent with most LSM hooks, convert the return value of
hook setprocattr to 0 or a negative error code.
Before:
- Hook setprocattr returns the number of bytes written on success
or a negative error code on failure.
After:
- Hook setprocattr returns 0 on success or a negative error code
on failure. An output parameter @wbytes is introduced to hold
the number of bytes written on success.
Signed-off-by: Xu Kuohai <xukuohai@xxxxxxxxxx>
---
fs/proc/base.c | 5 +++--
include/linux/lsm_hook_defs.h | 3 ++-
include/linux/security.h | 5 +++--
security/apparmor/lsm.c | 10 +++++++---
security/security.c | 8 +++++---
security/selinux/hooks.c | 11 ++++++++---
security/smack/smack_lsm.c | 14 ++++++++++----
7 files changed, 38 insertions(+), 18 deletions(-)
The security_setprocattr() hook is another odd case that we probably
just want to leave alone for two reasons:
1. With the move to LSM syscalls for getting/setting a task's LSM
attributes we are "freezing" the procfs API and not adding any new
entries to it.
2. The BPF LSM doesn't currently register any procfs entries.
I'd suggest leaving security_setprocattr() as-is and blocking it in
the BPF verifier, I can't see any reason why a BPF LSM would need
this hook.
OK, I'll drop this patch in the next version.
