To: casey@schaufler-ca.com, linux-security-module@vger.kernel.org,
        jmorris@namei.org
Cc: john.johansen@canonical.com, paul@paul-moore.com,
        keescook@chromium.org, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/3] LSM: Add /sys/kernel/security/lsm
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
References: <00f80c77-9623-7e9e-8980-63b362a4f16c@schaufler-ca.com>
        <511ae6ef-9dc1-6e43-4a49-4055727dc099@schaufler-ca.com>
In-Reply-To: <511ae6ef-9dc1-6e43-4a49-4055727dc099@schaufler-ca.com>
Message-Id: <201611012153.IHJ52634.OSOLMFFOFVQJtH@I-love.SAKURA.ne.jp>
Date: Tue, 1 Nov 2016 21:53:09 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1192
Lines: 39

Casey Schaufler wrote:
> diff --git a/security/security.c b/security/security.c
> index f825304..f0a802ee 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -32,6 +32,7 @@
>  /* Maximum number of letters for an LSM name string */
>  #define SECURITY_NAME_MAX	10
>  
> +char *lsm_names;
>  /* Boot-time LSM user choice */
>  static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
>  	CONFIG_DEFAULT_SECURITY;
> @@ -78,6 +79,22 @@ static int __init choose_lsm(char *str)
>  }
>  __setup("security=", choose_lsm);
>  
> +static int lsm_append(char *new, char **result)
> +{
> +	char *cp;
> +
> +	if (*result == NULL) {
> +		*result = kstrdup(new, GFP_KERNEL);
> +	} else {
> +		cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new);
> +		if (cp == NULL)
> +			return -ENOMEM;
> +		kfree(*result);
> +		*result = cp;
> +	}
> +	return 0;
> +}
> +

I didn't check past discussion, but how do you handle security_delete_hooks()
case (I mean, "selinux" will remain there when reading /sys/kernel/security/lsm
even after it is disabled at runtime)? I think holding module name as one of
"union security_list_options" members will avoid memory allocation handling
and simplify things.