References: <20221025184519.13231-1-casey@schaufler-ca.com> <20221025184519.13231-4-casey@schaufler-ca.com> <1f595d0a-07cd-365d-ef36-8d796b783f22@schaufler-ca.com>
In-Reply-To: <1f595d0a-07cd-365d-ef36-8d796b783f22@schaufler-ca.com>
From: Paul Moore
Date: Wed, 9 Nov 2022 21:39:16 -0500
Subject: Re: [PATCH v1 3/8] LSM: Identify the process attributes for each module
To: Casey Schaufler
Cc: casey.schaufler@intel.com, linux-security-module@vger.kernel.org, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Nov 9, 2022 at 8:03 PM Casey Schaufler wrote:
> On 11/9/2022 3:34 PM, Paul Moore wrote:
> > On Tue, Oct 25, 2022 at 2:47 PM Casey Schaufler wrote:
> >> Add an integer member "features" to the struct lsm_id which
> >> identifies the API related data associated with each security
> >> module. The initial set of features maps to information that
> >> has traditionally been available in /proc/self/attr.
> >>
> >> Signed-off-by: Casey Schaufler
> >> ---
> >> include/linux/lsm_hooks.h | 1 +
> >> include/uapi/linux/lsm.h | 14 ++++++++++++++
> >> security/apparmor/lsm.c | 1 +
> >> security/selinux/hooks.c | 2 ++
> >> security/smack/smack_lsm.c | 1 +
> >> 5 files changed, 19 insertions(+)
> >
> > Everything Greg already said with one additional comment below.
> >
> >> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> >> index dd4b4d95a172..46b2aa6a677e 100644
> >> --- a/include/linux/lsm_hooks.h
> >> +++ b/include/linux/lsm_hooks.h
> >> @@ -1608,6 +1608,7 @@ struct security_hook_heads {
> >> struct lsm_id {
> >> const char *lsm; /* Name of the LSM */
> >> int id; /* LSM ID */
> >> + int features; /* Set of LSM features */
> >
> > I understand why you called the field "features", but I worry it is a
> > bit too generic for 32 bits of flags. Let's make it specific to the
> > LSM label attributes; how about 'feat_attr', 'sup_attr', or something
> > along those lines?
>
> How about 'attrs_used'? I'm open to anything except 'late_for_dinner' :)

Works for me. It's also worth noting that this struct isn't part of the
UAPI, so if we need to change it in the future we can.

-- 
paul-moore.com
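Review bot: in the lsm_hooks.h hunk, `+ int features; /* Set of LSM features */` uses a signed `int` for what the discussion treats as 32 bits of flags; a bit-set field is conventionally unsigned (`u32` or `unsigned int`) so that setting the top bit cannot make the value negative and so that shifts and comparisons on it stay well defined. The comment also does not say where the flag values come from; the diffstat shows a 14-line addition to include/uapi/linux/lsm.h, so the comment should point at the definitions in that header (and be reworded to match whatever the field ends up being called, `attrs_used` per the thread), so that a reader of struct lsm_id can find the valid bits without grepping. Everything else in the hunk is a one-line context-preserving addition and looks fine.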