Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp57452rwb; Wed, 9 Nov 2022 19:53:40 -0800 (PST) X-Google-Smtp-Source: AMsMyM7GujpQEUjrv++eFiooBfowQ7ahVK0oJbNUVuN0iPHUf7bI0I9hzO4XZp6j/4PUekJpN0j+ X-Received: by 2002:a50:aad1:0:b0:461:37c2:e85c with SMTP id r17-20020a50aad1000000b0046137c2e85cmr1478173edc.74.1668052420497; Wed, 09 Nov 2022 19:53:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668052420; cv=none; d=google.com; s=arc-20160816; b=qaHzj8rqfODtZnVdVvRyPIvyC8YKa8QgaZI8550ys/2Xv0PXaGn3f+hpC0Qyi5xEHC LIz6ALMzDzsjTr9Rt0R/eVUlCJ6NHkWJe9Ci/JmqYdO50AAp78upUxetE3WItDc3vsoQ llzUiAPzPS44dD1K4Dmys5OBDN1jV8Y0rcxFNjPc4eYTLHAImCbAAUvbd7qD7QHF/4pK 6EC2W4kjdLZEQnmdEqOqbB9yx5wtZjAFg0EGOWG18ZCiL+K/2rztYlYuRbmp++jin+qX ivCRKdmWJ0xe5HOI25aU+zrVb31zA02K0/WABcS79XuxjCQcpPmA28YVkELYHAgTXaQx YD4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Ui4nz+rk4+cy7iX09mK3SZJkU54S/hpyEMWrZ+RjI2M=; b=J1c39u4FrHPDTaQnLm1VjR7gzugs+aLECisdUCy8aisJEsciU0z8ttsvjInl1lmAzx wIr3rFEYrjxCUny5u5g6A7r2V7jLLF7kUyPMfS+Cdb5XG/ZUN57m6u/uL6w922PK0mgm c4ZkuuNFDFEZGeSWj/Ea9dESj3KwCHEYrpN4JDRVtSf3BZofjyIMOzY3tEy7d4O6rNU8 n1SqW4rRgTL1mfPrzB7E8D7hRxm2MhCF2r/EEWYxx66iyc2swlmrIgWINzIzcoAQIKrL 5hcFgVacU5wLCgGXYxq/glCMJ5CYri4PjfXyT+SOpiCHLbEgDiijs0IUMuPKjfNJjqIt Yavw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=eC+RoKfh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dd10-20020a1709069b8a00b007ae4c686a4dsi21135799ejc.649.2022.11.09.19.53.18; Wed, 09 Nov 2022 19:53:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=eC+RoKfh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232154AbiKJDSH (ORCPT + 92 others); Wed, 9 Nov 2022 22:18:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35306 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231611AbiKJDSF (ORCPT ); Wed, 9 Nov 2022 22:18:05 -0500 Received: from mail-oo1-xc31.google.com (mail-oo1-xc31.google.com [IPv6:2607:f8b0:4864:20::c31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 902462A95C for ; Wed, 9 Nov 2022 19:18:04 -0800 (PST) Received: by mail-oo1-xc31.google.com with SMTP id j1-20020a4ad181000000b0049e6e8c13b4so101697oor.1 for ; Wed, 09 Nov 2022 19:18:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Ui4nz+rk4+cy7iX09mK3SZJkU54S/hpyEMWrZ+RjI2M=; b=eC+RoKfhId/DMoP2yqdKWn4KQDV/bHSjRCDt/kWA5xOVi5nb2pPkI4mlgslo1JNknx Tbc3SQ7t4elqvdUA3nUUCKvQbTL7ks+AB1IJ5XhKa2/de9c1Udet2zrq/4jLZG7GTcyo qTJd5hnqSuyrRaevhIkhNKvsdvsYMK4tChfEz0tiplUuDiC5uC04CxKrOxSGi0hN2o+4 CO0OjAnj9tnmtB5qAC9vFShPdrrfEgCzNnfwl/zNEBCkbuZ9vTypUAhuhzEGgjMN41/b UI8hKSlDuk0oJLzFvXx2H4VG88DRFWuETaRueen5S0NSNB5HmirGKvFdgsSm1yQjpbQW TSGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Ui4nz+rk4+cy7iX09mK3SZJkU54S/hpyEMWrZ+RjI2M=; b=Za6A1pwa+xCpUpyoJrzjqeCpqIKqDHyZaKoVLoyVeqE4Jf3fnj97JFc5GeB7VSzr9h BJM2M5IynDjMKLaHpERr2dGNWmtAuYnLNKjgetMTKF91DjhTe4kypwEWBvarsR7LxTzf MaZRj1OcXqUZGwrRFGD6MCqoDqKx94Bfzjv1UPC9mfJdb31s1xMwNl97SNvSic2rOShd 9lhfHDehalcFTTdhR5dj4dura2aMbU7T2TV60pIgcWNrzjlOqh59pWn+wGg4pss/e5fv EV52u9MTYSBNcTl2CJcrhm2e6sAkk3zQS+ynwFhKZskyGpYHbgsMqjcYO1XjnmC/l0Ft msgQ== X-Gm-Message-State: ANoB5pnl5Qt9cyxA3FPd+fTGUAi6q5qVYgHkoEvNw1C8T30Y6oj6Qzvb 2lxUAxmXY28krVbf/lIfxVyzWLa3/ciKdEygvwOO X-Received: by 2002:a4a:ca8f:0:b0:49e:f01a:feaf with SMTP id x15-20020a4aca8f000000b0049ef01afeafmr7560680ooq.81.1668050283850; Wed, 09 Nov 2022 19:18:03 -0800 (PST) MIME-Version: 1.0 References: <20221025184519.13231-1-casey@schaufler-ca.com> <20221025184519.13231-8-casey@schaufler-ca.com> In-Reply-To: From: Paul Moore Date: Wed, 9 Nov 2022 22:17:52 -0500 Message-ID: Subject: Re: [PATCH v1 7/8] LSM: Create lsm_module_list system call To: Casey Schaufler Cc: casey.schaufler@intel.com, linux-security-module@vger.kernel.org, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 9, 2022 at 8:37 PM Casey Schaufler wrote: > On 11/9/2022 3:35 PM, Paul Moore wrote: > > On Tue, Oct 25, 2022 at 2:48 PM Casey Schaufler wrote: > >> Create a system call to report the list of Linux Security Modules > >> that are active on the system. The list is provided as an array > >> of LSM ID numbers. > >> > >> The calling application can use this list determine what LSM > >> specific actions it might take. That might include chosing an > >> output format, determining required privilege or bypassing > >> security module specific behavior. > >> > >> Signed-off-by: Casey Schaufler > >> --- > >> include/linux/syscalls.h | 1 + > >> kernel/sys_ni.c | 1 + > >> security/lsm_syscalls.c | 38 ++++++++++++++++++++++++++++++++++++++ > >> 3 files changed, 40 insertions(+) > > .. > > > >> diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > >> index da0fab7065e2..cd5db370b974 100644 > >> --- a/security/lsm_syscalls.c > >> +++ b/security/lsm_syscalls.c > >> @@ -154,3 +154,41 @@ SYSCALL_DEFINE3(lsm_self_attr, > >> kfree(final); > >> return rc; > >> } > >> + > >> +/** > >> + * lsm_module_list - Return a list of the active security modules > >> + * @ids: the LSM module ids > >> + * @size: size of @ids, updated on return > >> + * @flags: reserved for future use, must be zero > >> + * > >> + * Returns a list of the active LSM ids. On success this function > >> + * returns the number of @ids array elements. This value may be zero > >> + * if there are no LSMs active. If @size is insufficient to contain > >> + * the return data -E2BIG is returned and @size is set to the minimum > >> + * required size. In all other cases a negative value indicating the > >> + * error is returned. > >> + */ > > Let's make a promise that for this syscall we will order the LSM IDs > > in the array in the same order as which they are configured/executed. > > Sure. Order registered, which can vary, as opposed to LSM ID order, > which cannot. That could be important to ensure that applications > that enforce the same policy as the kernel will hit the checks in > the same order as the kernel. That's how it is coded. It needs to > be documented. Yep. One of the big reasons for documenting it this way is to ensure that we define the order as part of the API. -- paul-moore.com