Re: [PATCH v38 09/39] LSM: Add the lsmblob data structure.

From: Mickaël Salaün
Date: Wed Oct 12 2022 - 17:18:46 EST



On 27/09/2022 21:53, Casey Schaufler wrote:
When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.

The lsmblob structure is currently an array of
u32 "secids". There is an entry for each of the security
modules built into the system that would use secids if
active. The system assigns the module a "slot" when it
registers hooks. If modules are compiled in but not
registered there will be unused slots. The slot number
is added to the lsm_id structure.

The audit rules data is expanded to use an array of
security module data rather than a single instance.
A new structure audit_lsm_rules is defined to avoid the
confusion which commonly accompanies the use of
void ** parameters.

Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
---

[...]

diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index 1242c61c9de4..adbe941370f3 100644
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -27,6 +27,7 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = {
struct lsm_id landlock_lsmid __lsm_ro_after_init = {
.lsm = LANDLOCK_NAME,
.id = LSM_ID_LANDLOCK,
+ .slot = LSMBLOB_NOT_NEEDED,
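
Review bot: the new ".slot = LSMBLOB_NOT_NEEDED," line in the landlock_lsmid initializer gives no reason why Landlock opts out of a slot. The commit message says slots exist for modules "that would use secids if active", so a one-line comment here stating that Landlock has no secid to export would record the intent next to the initializer. The slot then cannot be mistaken for an oversight if Landlock later gains a hook that returns a secid.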

Please only use one space after ".slot".