Re: [RFC] [PATCH] [4/6] LSM Stacking: seclvl LSM stacking support

From: Serge Hallyn
Date: Thu Nov 04 2004 - 17:21:43 EST

Next message: Serge Hallyn: "Re: [RFC] [PATCH] [5/6] LSM Stacking: SELinux LSM stacking support"
Previous message: Serge Hallyn: "Re: [RFC] [PATCH] [2/6] LSM Stacking: Add stacker LSM"
In reply to: Chris Wright: "Re: [RFC] [PATCH] [2/6] LSM Stacking: Add stacker LSM"
Next in thread: Serge Hallyn: "Re: [RFC] [PATCH] [5/6] LSM Stacking: SELinux LSM stacking support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch adds stacking support to the BSD Secure Level LSM.

Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>

Index: linux-2.6.10-rc1-bk12-stack/security/seclvl.c
===================================================================
--- linux-2.6.10-rc1-bk12-stack.orig/security/seclvl.c 2004-11-02
20:28:47.000000000 -0600
+++ linux-2.6.10-rc1-bk12-stack/security/seclvl.c 2004-11-03
23:01:08.478130544 -0600
@@ -58,6 +58,8 @@
MODULE_PARM_DESC(verbosity, "Initial verbosity level (0 or 1; defaults
to "
"0, which is Quiet)");

+static int seclvl_idx;
+
/**
* Optional password which can be passed in to bring seclvl to 0
* (i.e., for halt/reboot). Defaults to NULL (the passwd attribute
@@ -498,7 +500,7 @@
return -EPERM;
}
/* claimed, mark it to release on close */
- inode->i_security = current;
+ inode->i_security[seclvl_idx] = current;
}
return 0;
}
@@ -506,12 +508,12 @@
/* release the blockdev if you claimed it */
static void seclvl_bd_release(struct inode *inode)
{
- if (inode && S_ISBLK(inode->i_mode) && inode->i_security == current) {
+ if (inode && S_ISBLK(inode->i_mode) && inode->i_security[seclvl_idx]
== current) {
struct block_device *bdev = inode->i_bdev;
if (bdev) {
bd_release(bdev);
blkdev_put(bdev);
- inode->i_security = NULL;
+ inode->i_security[seclvl_idx] = NULL;
}
}
}
@@ -697,11 +699,12 @@
"seclvl: Failure registering with the "
"kernel.\n");
/* try registering with primary module */
- rc = mod_reg_security(MY_NAME, &seclvl_ops);
- if (rc) {
+ seclvl_idx = mod_reg_security(MY_NAME, &seclvl_ops);
+ if (seclvl_idx < 0) {
seclvl_printk(0, KERN_ERR, "seclvl: Failure "
"registering with primary security "
"module.\n");
+ rc = seclvl_idx;
goto exit;
} /* if primary module registered */
secondary = 1;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Serge Hallyn: "Re: [RFC] [PATCH] [5/6] LSM Stacking: SELinux LSM stacking support"
Previous message: Serge Hallyn: "Re: [RFC] [PATCH] [2/6] LSM Stacking: Add stacker LSM"
In reply to: Chris Wright: "Re: [RFC] [PATCH] [2/6] LSM Stacking: Add stacker LSM"
Next in thread: Serge Hallyn: "Re: [RFC] [PATCH] [5/6] LSM Stacking: SELinux LSM stacking support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]