Hi all,
After merging the landlock tree, today's linux-next build (powerpc
ppc64_defconfig) failed like this:
In file included from security/landlock/net.c:14:
security/landlock/net.c: In function 'landlock_add_net_hooks':
security/landlock/common.h:12:23: error: passing argument 3 of 'security_add_hooks' from incompatible pointer type [-Werror=incompatible-pointer-types]
12 | #define LANDLOCK_NAME "landlock"
| ^~~~~~~~~~
| |
| char *
security/landlock/net.c:199:28: note: in expansion of macro 'LANDLOCK_NAME'
199 | LANDLOCK_NAME);
| ^~~~~~~~~~~~~
In file included from security/landlock/setup.h:12,
from security/landlock/cred.h:17,
from security/landlock/net.c:15:
include/linux/lsm_hooks.h:120:53: note: expected 'const struct lsm_id *' but argument is of type 'char *'
120 | const struct lsm_id *lsmid);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~
Caused by commit
fff69fb03dde ("landlock: Support network rules with TCP bind and connect")
interacting with commit
9b09f11320db ("LSM: Identify modules by more than name")
from the security tree.
I have applied the following merge resolution patch.
From: Stephen Rothwell <[email protected]>
Date: Fri, 27 Oct 2023 16:13:32 +1100
Subject: [PATCH] fixup for "landlock: Support network rules with TCP bind and
connect"
interacting with "LSM: Identify modules by more than name"
Signed-off-by: Stephen Rothwell <[email protected]>
---
security/landlock/net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/landlock/net.c b/security/landlock/net.c
index aaa92c2b1f08..efa1b644a4af 100644
--- a/security/landlock/net.c
+++ b/security/landlock/net.c
@@ -196,5 +196,5 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = {
__init void landlock_add_net_hooks(void)
{
security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
- LANDLOCK_NAME);
+ &landlock_lsmid);
}
--
2.40.1
--
Cheers,
Stephen Rothwell
Thanks Stephen, your patch is good! I tested it with the merge of my
branch and LSM/dev-staging.
The new Landlock changes (tested in -next for a few weeks) add a new
call to security_add_hooks() which gets a new signature with commit
9b09f11320db ("LSM: Identify modules by more than name") from
the LSM/dev-staging branch [1].
I plan to send a PR with my branch in the next merge window (for
v6.7-rc1).
We should squash Stephen's patch in commit 9b09f11320db ("LSM:
Identify modules by more than name") but it would not be possible
without my branch. I see two solutions:
* keep Stephen's patch in -next only, or
* rebase LSM/dev-staging on my branch now, and rebase it later on
v6.7-rc1 once my branch is merged (which is the workflow described in
[1]).
Paul, what do you think?
[1] https://lore.kernel.org/r/CAHC9VhS1wwgH6NNd+cJz4MYogPiRV8NyPDd1yj5SpaxeUB4UVg@mail.gmail.com
On Fri, Oct 27, 2023 at 04:34:00PM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the landlock tree, today's linux-next build (powerpc
> ppc64_defconfig) failed like this:
>
> In file included from security/landlock/net.c:14:
> security/landlock/net.c: In function 'landlock_add_net_hooks':
> security/landlock/common.h:12:23: error: passing argument 3 of 'security_add_hooks' from incompatible pointer type [-Werror=incompatible-pointer-types]
> 12 | #define LANDLOCK_NAME "landlock"
> | ^~~~~~~~~~
> | |
> | char *
> security/landlock/net.c:199:28: note: in expansion of macro 'LANDLOCK_NAME'
> 199 | LANDLOCK_NAME);
> | ^~~~~~~~~~~~~
> In file included from security/landlock/setup.h:12,
> from security/landlock/cred.h:17,
> from security/landlock/net.c:15:
> include/linux/lsm_hooks.h:120:53: note: expected 'const struct lsm_id *' but argument is of type 'char *'
> 120 | const struct lsm_id *lsmid);
> | ~~~~~~~~~~~~~~~~~~~~~^~~~~
>
> Caused by commit
>
> fff69fb03dde ("landlock: Support network rules with TCP bind and connect")
>
> interacting with commit
>
> 9b09f11320db ("LSM: Identify modules by more than name")
>
> from the security tree.
>
> I have applied the following merge resolution patch.
>
> From: Stephen Rothwell <[email protected]>
> Date: Fri, 27 Oct 2023 16:13:32 +1100
> Subject: [PATCH] fixup for "landlock: Support network rules with TCP bind and
> connect"
>
> interacting with "LSM: Identify modules by more than name"
>
> Signed-off-by: Stephen Rothwell <[email protected]>
> ---
> security/landlock/net.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/landlock/net.c b/security/landlock/net.c
> index aaa92c2b1f08..efa1b644a4af 100644
> --- a/security/landlock/net.c
> +++ b/security/landlock/net.c
> @@ -196,5 +196,5 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = {
> __init void landlock_add_net_hooks(void)
> {
> security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
> - LANDLOCK_NAME);
> + &landlock_lsmid);
> }
> --
> 2.40.1
>
> --
> Cheers,
> Stephen Rothwell
On Fri, Oct 27, 2023 at 8:56 AM Mickaël Salaün <[email protected]> wrote:
>
> Thanks Stephen, your patch is good! I tested it with the merge of my
> branch and LSM/dev-staging.
>
> The new Landlock changes (tested in -next for a few weeks) add a new
> call to security_add_hooks() which gets a new signature with commit
> 9b09f11320db ("LSM: Identify modules by more than name") from
> the LSM/dev-staging branch [1].
>
> I plan to send a PR with my branch in the next merge window (for
> v6.7-rc1).
>
> We should squash Stephen's patch in commit 9b09f11320db ("LSM:
> Identify modules by more than name") but it would not be possible
> without my branch. I see two solutions:
> * keep Stephen's patch in -next only, or
> * rebase LSM/dev-staging on my branch now, and rebase it later on
> v6.7-rc1 once my branch is merged (which is the workflow described in
> [1]).
>
> Paul, what do you think?
Thanks Stephen, Mickaël.
Once the Landlock tree is pulled into Linus' tree during the next
merge window I'll update the LSM syscall patches currently living in
lsm/dev-staging and this conflict should go away. FWIW, there are
other conflicts with the LSM syscall patchset, most notably in the
syscall registrations, that should also resolve themselves when I
rebase on top of v6.7-rc1.
--
paul-moore.com
Hi all,
On Fri, 27 Oct 2023 16:34:00 +1100 Stephen Rothwell <[email protected]> wrote:
>
> After merging the landlock tree, today's linux-next build (powerpc
> ppc64_defconfig) failed like this:
>
> In file included from security/landlock/net.c:14:
> security/landlock/net.c: In function 'landlock_add_net_hooks':
> security/landlock/common.h:12:23: error: passing argument 3 of 'security_add_hooks' from incompatible pointer type [-Werror=incompatible-pointer-types]
> 12 | #define LANDLOCK_NAME "landlock"
> | ^~~~~~~~~~
> | |
> | char *
> security/landlock/net.c:199:28: note: in expansion of macro 'LANDLOCK_NAME'
> 199 | LANDLOCK_NAME);
> | ^~~~~~~~~~~~~
> In file included from security/landlock/setup.h:12,
> from security/landlock/cred.h:17,
> from security/landlock/net.c:15:
> include/linux/lsm_hooks.h:120:53: note: expected 'const struct lsm_id *' but argument is of type 'char *'
> 120 | const struct lsm_id *lsmid);
> | ~~~~~~~~~~~~~~~~~~~~~^~~~~
>
> Caused by commit
>
> fff69fb03dde ("landlock: Support network rules with TCP bind and connect")
>
> interacting with commit
>
> 9b09f11320db ("LSM: Identify modules by more than name")
>
> from the security tree.
>
> I have applied the following merge resolution patch.
>
> From: Stephen Rothwell <[email protected]>
> Date: Fri, 27 Oct 2023 16:13:32 +1100
> Subject: [PATCH] fixup for "landlock: Support network rules with TCP bind and
> connect"
>
> interacting with "LSM: Identify modules by more than name"
>
> Signed-off-by: Stephen Rothwell <[email protected]>
> ---
> security/landlock/net.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/landlock/net.c b/security/landlock/net.c
> index aaa92c2b1f08..efa1b644a4af 100644
> --- a/security/landlock/net.c
> +++ b/security/landlock/net.c
> @@ -196,5 +196,5 @@ static struct security_hook_list landlock_hooks[] __ro_after_init = {
> __init void landlock_add_net_hooks(void)
> {
> security_add_hooks(landlock_hooks, ARRAY_SIZE(landlock_hooks),
> - LANDLOCK_NAME);
> + &landlock_lsmid);
> }
> --
> 2.40.1
This is now a conflict between the security tree and Linus' tree.
--
Cheers,
Stephen Rothwell