To: casey@schaufler-ca.com, linux-security-module@vger.kernel.org, jmorris@namei.org
Cc: john.johansen@canonical.com, paul@paul-moore.com, keescook@chromium.org, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/3] LSM: Add /sys/kernel/security/lsm
From: Tetsuo Handa
References: <00f80c77-9623-7e9e-8980-63b362a4f16c@schaufler-ca.com> <511ae6ef-9dc1-6e43-4a49-4055727dc099@schaufler-ca.com>
In-Reply-To: <511ae6ef-9dc1-6e43-4a49-4055727dc099@schaufler-ca.com>
Message-Id: <201611012153.IHJ52634.OSOLMFFOFVQJtH@I-love.SAKURA.ne.jp>
Date: Tue, 1 Nov 2016 21:53:09 +0900

Casey Schaufler wrote:
> diff --git a/security/security.c b/security/security.c > index f825304..f0a802ee 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -32,6 +32,7 @@ > /* Maximum number of letters for an LSM name string */ > #define SECURITY_NAME_MAX 10 > > +char *lsm_names; > /* Boot-time LSM user choice */ > static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = > CONFIG_DEFAULT_SECURITY; 
> @@ -78,6 +79,22 @@ static int __init choose_lsm(char *str) > } > __setup("security=", choose_lsm); > > +static int lsm_append(char *new, char **result) > +{ > + char *cp; > + > + if (*result == NULL) { > + *result = kstrdup(new, GFP_KERNEL); > + } else { > + cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); > + if (cp == NULL) > + return -ENOMEM; > + kfree(*result); > + *result = cp; > + } > + return 0; > +} > +

I didn't check past discussion, but how do you handle the security_delete_hooks() case (I mean, "selinux" will remain there when reading /sys/kernel/security/lsm even after it is disabled at runtime)?

I think holding the module name as one of the "union security_list_options" members will avoid memory allocation handling and simplify things.
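Review bot: in the first hunk of security/security.c (@@ -32,6 +32,7 @@), the new global `char *lsm_names;` is added without a comment and without `static`, and it lands directly above the existing "Boot-time LSM user choice" comment with no blank line, so that comment now reads as if it might cover both declarations. Suggest a one-line comment saying what the string holds and who allocates and frees it, a blank line after it, and either `static` if only this file uses it or a matching declaration in a header if other files read it.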
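Review bot: in lsm_append() (second hunk, @@ -78,6 +79,22 @@), the `*result == NULL` branch does not check the return value of kstrdup(), so an allocation failure there leaves `*result` NULL while the function still returns 0; only the kasprintf() branch reports -ENOMEM. Suggest adding `if (*result == NULL) return -ENOMEM;` after the kstrdup() call so that both branches report failure the same way. As a smaller point, `new` is only read in this function and could be declared `const char *`.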