Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions

From: Mimi Zohar
Date: Mon Apr 04 2016 - 19:05:30 EST


On Mon, 2016-04-04 at 12:31 -0700, Kees Cook wrote:
> On Thu, Mar 31, 2016 at 2:24 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> > On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote:
> >
> >> +static const char *id_str[READING_MAX_ID] = {
> >> + [READING_FIRMWARE] = "firmware",
> >> + [READING_MODULE] = "kernel module",
> >> + [READING_KEXEC_IMAGE] = "kexec image",
> >> + [READING_KEXEC_INITRAMFS] = "kexec initramfs",
> >> + [READING_POLICY] = "security policy",
> >> +};
> >> +
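
Review bot: id_str[] is sized by READING_MAX_ID but populated with designated initializers, so any kernel_read_file_id value not listed here, including one added to the enum later, is left as a NULL entry. Whatever code indexes this array should check the id against READING_MAX_ID and fall back to a fixed string such as "unknown" when the entry is NULL; a small helper that does both would keep callers from passing NULL to a format string. Four of the five strings ("kernel module", "kexec image", "kexec initramfs", "security policy") also contain spaces; if these values are emitted as log or audit fields, hyphenated or underscored forms are easier to parse as a single token.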

> I wonder if there should be a function that returns a const string for
> each kernel_read_file_id enum so users of the enum don't need to do
> it?

Right, having a single, corresponding, string array would be good. Some
of the strings in id_str[] have blanks, which might be problematic for
the audit subsystem, and would need to be replaced with a hyphen or
underscore.

Mimi