Subject: Re: [PATCH v6 1/3] LSM: Add /sys/kernel/security/lsm
To: Tetsuo Handa, linux-security-module@vger.kernel.org, jmorris@namei.org
Cc: john.johansen@canonical.com, paul@paul-moore.com, keescook@chromium.org, sds@tycho.nsa.gov, linux-kernel@vger.kernel.org
From: Casey Schaufler
Date: Tue, 1 Nov 2016 10:25:45 -0700

On 11/1/2016 5:53 AM, Tetsuo Handa wrote:
> Casey Schaufler wrote:
>> diff --git a/security/security.c b/security/security.c >> index f825304..f0a802ee 100644 >> --- a/security/security.c >> +++ b/security/security.c >> @@ -32,6 +32,7 @@ >> /* Maximum number of letters for an LSM name string */ >> #define SECURITY_NAME_MAX 10 >> >> +char *lsm_names; >> /* Boot-time LSM user choice */ >> static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = >> CONFIG_DEFAULT_SECURITY; 
>> @@ -78,6 +79,22 @@ static int __init choose_lsm(char *str) >> } >> __setup("security=", choose_lsm); >> >> +static int lsm_append(char *new, char **result) >> +{ >> + char *cp; >> + >> + if (*result == NULL) { >> + *result = kstrdup(new, GFP_KERNEL); >> + } else { >> + cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); >> + if (cp == NULL) >> + return -ENOMEM; >> + kfree(*result); >> + *result = cp; >> + } >> + return 0; >> +} >> +
> I didn't check past discussion, but how do you handle security_delete_hooks()
> case (I mean, "selinux" will remain there when reading /sys/kernel/security/lsm
> even after it is disabled at runtime)?

Paul Moore says that SELinux is going to remove the ability to delete itself
in the near future. Since that's the only module that allows deletion I don't
see that it's an issue.

> I think holding module name as one of
> "union security_list_options" members will avoid memory allocation handling
> and simplify things.

I don't see how that would simplify things, and the memory allocation
handling here is pretty basic.
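
Review bot: In the first hunk (@@ -32,6 +32,7 @@), `char *lsm_names;` is added with no comment and directly above the existing "Boot-time LSM user choice" comment, so that comment now reads as if it covered the new variable too. Suggest a one-line comment saying what the string holds and who writes it, followed by a blank line. The variable is not `static`, so if the external linkage is intended, the comment is also the place to say which code reads it.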
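
Review bot: In the second hunk (@@ -78,6 +79,22 @@), the `*result == NULL` branch of lsm_append() does not check the return value of kstrdup(), so an allocation failure there returns 0 with `*result` still NULL, while the kasprintf() branch returns -ENOMEM for the same condition. Suggest adding `if (*result == NULL) return -ENOMEM;` after the kstrdup() call so both branches report failure the same way. `new` is only read in this function, so it could be declared `const char *`, and a short comment above lsm_append() describing the comma-separated format it builds would help.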