Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1030486AbcJ0Ve7 (ORCPT ); Thu, 27 Oct 2016 17:34:59 -0400 Received: from mail-wm0-f52.google.com ([74.125.82.52]:35815 "EHLO mail-wm0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754371AbcJ0Vew (ORCPT ); Thu, 27 Oct 2016 17:34:52 -0400 MIME-Version: 1.0 In-Reply-To: <00f80c77-9623-7e9e-8980-63b362a4f16c@schaufler-ca.com> References: <00f80c77-9623-7e9e-8980-63b362a4f16c@schaufler-ca.com> From: Kees Cook Date: Thu, 27 Oct 2016 14:34:13 -0700 X-Google-Sender-Auth: vzPCJyD3WufsQYooNXDDFfBsTc4 Message-ID: Subject: Re: [PATCH v6 0/3] LSM: security module information improvements To: Casey Schaufler Cc: LSM , James Morris , John Johansen , Paul Moore , Stephen Smalley , Tetsuo Handa , LKLM Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2509 Lines: 74 On Wed, Oct 26, 2016 at 4:56 PM, Casey Schaufler wrote: > Subject: [PATCH v6 0/3] LSM: security module information improvements > > Changes from v5: > Rebased on 4.9-rc2 > > Changes from v4: > Use kasprintf instead of kzalloc() ... sprintf in more places. > More in the documentation. > Separate module information in contexts with ",". (not yet visible) > > Changes from v3: > Use kasprintf instead of kzalloc() ... sprintf. > > Create interfaces that make it possible to deal with process > attributes in the face of multiple "major" security modules. > > Patch 1/3 adds /sys/kernel/security/lsm, which provides > a list of the active security modules on the system. > > $ cat /sys/kernel/security/lsm > capability,yama,loadpin,smack > > Patch 2/3 adds a subdirectory in /proc/.../attr for each > security module that exports process attribute data. This > allows a program in easily differentiate between the "current" > value for Smack and AppArmor. > > $ cat /proc/self/attr/smack/current > System > > $ cat /proc/self/attr/apparmor/current > unconfined > > Patch 3/3 adds an interface that provides module identified > information that otherwise matches the "current" attr. > This allows a system with multiple modules to provide the > complete security "context" in one place. A (future) system > with both Smack and AppArmor might report: > > $ cat /proc/self/attr/context > smack='System',apparmor='unconfined' > > Signed-off-by: Casey Schaufler > > --- > Documentation/security/LSM.txt | 34 ++++++-- > fs/proc/base.c | 95 +++++++++++++++++++--- > fs/proc/internal.h | 1 + > include/linux/lsm_hooks.h | 12 +-- > include/linux/security.h | 15 ++-- > security/apparmor/lsm.c | 38 +++++++-- > security/commoncap.c | 3 +- > security/inode.c | 26 +++++- > security/loadpin/loadpin.c | 2 +- > security/security.c | 177 ++++++++++++++++++++++++++++++++++++++++- > security/selinux/hooks.c | 22 ++++- > security/smack/smack_lsm.c | 22 ++--- > security/tomoyo/tomoyo.c | 2 +- > security/yama/yama_lsm.c | 2 +- > 14 files changed, 395 insertions(+), 56 deletions(-) > I remain happy with this. :) Reviewed-by: Kees Cook (With my LSM parts Acked-by...) -Kees -- Kees Cook Nexus Security