Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp10848990rwb; Fri, 25 Nov 2022 08:23:18 -0800 (PST) X-Google-Smtp-Source: AA0mqf682QzrmIBNDMe4cnqrmLeSjISaWuzlAnUxpKHH2rQ6xeImuDM9u+DM0Cvfeb3Zw0UtAJQH X-Received: by 2002:aa7:9a4e:0:b0:563:b1bc:7f98 with SMTP id x14-20020aa79a4e000000b00563b1bc7f98mr19275846pfj.29.1669393398310; Fri, 25 Nov 2022 08:23:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669393398; cv=none; d=google.com; s=arc-20160816; b=Laq/JRqXonAhFS/SLO0ZXYsyjFANT+mg4b0W/udCJCHjW3429iXI54H2zXsoqOTLvg OYI/M/5tuYl5aYxO4p0APYY1GtNeq4nEkOWqonbnKXWNFg5/q413a6JTWFcF7zZLgZn7 mUaJqeDcSjoZ12rsOjpQdIvogpfNk2b/jlIypszSwPpbi3cNe18mKJT/OXI3gaxK1cfr ZmBYVhmOeKv4ar4+UOXUOD7qaFF+e47tQj0qQJ/x2pAfBES/OgzwCoL1XR8BXU037ANr 7pThemPQcTmHRS92PhkVqUbnh7SgUGL+K5GlQ2lD6T+73RdKZujoNQ7U+7q8h7WkxgA/ kUBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=WKqp3T1CRkLmvNKI4vCvqjOlZz9/dGKx+UW/ZxOvdkA=; b=sOvf0usxg02cRalavhPUDkutVntSMiOBJC18xMfg2ND7PV9f0mtBgGdPv57SIRGzx5 D+rS+5pU94rd/DfDNwTBleak6w6eU3falitbMt7wRHfe1adhsAxJ0mCrTLmXsIfvyAa0 aSeH9yOxvpfkIujiAy4J2WyNevbanTDkdqEl8xhGqa9pZdjpRtBKgc37XCuyxJkbZSul QLkM4v4FBtPApCTGb8TrngwYgiGTBGbsXhDQpUyOHweb+wly4b+/7kahLx/h6zzYEvL0 0geyV8I1GDO3geofecyiJ2tZ0hWB1gcJi6UkLGcxb92956DojXaZ1ba4Bj+DWqMxwIZM FiYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=BFhys6FY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g5-20020a63dd45000000b0045c88c3b799si4137107pgj.709.2022.11.25.08.23.06; Fri, 25 Nov 2022 08:23:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=BFhys6FY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229845AbiKYQTP (ORCPT + 86 others); Fri, 25 Nov 2022 11:19:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229939AbiKYQTK (ORCPT ); Fri, 25 Nov 2022 11:19:10 -0500 Received: from smtp-bc0c.mail.infomaniak.ch (smtp-bc0c.mail.infomaniak.ch [IPv6:2001:1600:4:17::bc0c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7947E4D5DE for ; Fri, 25 Nov 2022 08:19:07 -0800 (PST) Received: from smtp-2-0001.mail.infomaniak.ch (unknown [10.5.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4NJg6J6b62zMqP72; Fri, 25 Nov 2022 17:19:04 +0100 (CET) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-2-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4NJg6G2txNzMppfG; Fri, 25 Nov 2022 17:19:02 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digikod.net; s=20191114; t=1669393144; bh=8KIw3cJWuenjkvUEMm336PVQdkbi37jR7q+oe3VSuIc=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=BFhys6FYtGUBFxFuZflPQiWKF+fY90xkLigE0RtoO7b2ML8qXAhc6o8LWTTs8jcir FZm+pczKZCXoiempppTAvfp6XD470ybZL+aYe4DHXfjfLW7rdm0G8OgjCC8xI0wysp 2PK1iUxNe2dUnzO7sXhraK9mLWL6MlwpDEbMMucY= Message-ID: <463cb747-5bac-9e8e-b78e-1ff6a1b29142@digikod.net> Date: Fri, 25 Nov 2022 17:19:01 +0100 MIME-Version: 1.0 User-Agent: Subject: Re: [PATCH v3 1/9] LSM: Identify modules by more than name Content-Language: en-US To: Greg KH , Casey Schaufler Cc: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org References: <20221123201552.7865-1-casey@schaufler-ca.com> <20221123201552.7865-2-casey@schaufler-ca.com> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Infomaniak-Routing: alpha X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 24/11/2022 06:40, Greg KH wrote: > On Wed, Nov 23, 2022 at 12:15:44PM -0800, Casey Schaufler wrote: >> Create a struct lsm_id to contain identifying information >> about Linux Security Modules (LSMs). At inception this contains >> the name of the module and an identifier associated with the >> security module. Change the security_add_hooks() interface to >> use this structure. Change the individual modules to maintain >> their own struct lsm_id and pass it to security_add_hooks(). >> >> The values are for LSM identifiers are defined in a new UAPI >> header file linux/lsm.h. Each existing LSM has been updated to >> include it's LSMID in the lsm_id. >> >> The LSM ID values are sequential, with the oldest module >> LSM_ID_CAPABILITY being the lowest value and the existing modules >> numbered in the order they were included in the main line kernel. >> This is an arbitrary convention for assigning the values, but >> none better presents itself. The value 0 is defined as being invalid. >> The values 1-99 are reserved for any special case uses which may >> arise in the future. > > What would be a "special case" that deserves a lower number? I don't see any meaningful use case for these reserved numbers either. If there are some, let's put them now, otherwise we should start with 1. Is it inspired by an existing UAPI? Reserving 0 as invalid is good though.