From: Tony Jones <tonyj@immunix.com>
To: serue@us.ibm.com
Cc: lkml <linux-kernel@vger.kernel.org>,
Chris Wright <chrisw@osdl.org>,
Stephen Smalley <sds@epoch.ncsc.mil>,
James Morris <jmorris@redhat.com>, Andrew Morton <akpm@osdl.org>,
Michael Halcrow <mhalcrow@us.ibm.com>
Subject: Re: [patch 0/15] lsm stacking v0.3: intro
Date: Fri, 29 Jul 2005 22:07:01 -0700
Message-ID: <20050730050701.GA22901@immunix.com>
In-Reply-To: <20050727181732.GA22483@serge.austin.ibm.com>

On Wed, Jul 27, 2005 at 01:17:32PM -0500, serue@us.ibm.com wrote:

Hi Serge.

A few trivial things I noticed whilst writing some internal documentation
on Stacker. Nothing deep here, but thought I'd pass them along.
I'll try to actually try out the code next week.

I made these notes as I was going along, lmk if you need them annotated
to the original patch and I'll go back and redo.

Thanks again

Tony

1) Documentation refers to /security/stacker/list_modules, code refers to
   "listmodules". list_modules is more consistent with other file names.

2) symbol_get(ops) still at the end of stacker_register.

3) struct module_entry{
           struct list_head lsm_list; /* list of active lsms */
           struct list_head all_lsms; /* list of active lsms */

   fix comments

4) Would it be useful to change the struct elements lsm_list and all_lsms to
   be consistent with their list heads (stacked_modules and all_modules)?

5) /*
    * Workarounds for the fact that get and setprocattr are used only by
    * selinux. (Maybe)
    */

   No complaints on selinux getting to avoid the (module), they are in-tree.
   Just an FYI that SubDomain/AppArmor uses these hooks also.

6) stop_responding control file is misnamed, as stacker still continues to work;
   it just removes the virtual file system.

7) Does the lsm_list really need to be at the top of the struct? Good style
   but not sure it is required (must).

8) security-stack.h

    * If stacker is compiled in, then we use the full functions as
    * defined in security/security.c. Otherwise we use the #defines
    * here.

   I noticed the conditional CONFIG_SECURITY_STACKER code went away, previously
   it would look at the value chain head only for the !case. But this comment
   still remains.

> Hi,
>
> The set of patches to follow introduces support for stacking LSMs. This
> is its third posting to lkml. I am sending it out in the hopes of
> soliciting more widespread feedback and testing, with the obvious eventual
> goal of mainline adoption.
>
> Any feedback from people actually using this patch is appreciated. Even
> better would be posts of (stackable) LSMs for upstream inclusion :)

Thread overview: 39+ messages
2005-07-27 18:17 [patch 0/15] lsm stacking v0.3: intro serue
2005-07-27 18:19 ` [patch 1/15] lsm stacking v0.3: introduce securityfs serue
2005-07-27 18:20 ` [patch 2/15] lsm stacking v0.3: add module * to security_ops serue
2005-07-27 18:21 ` [patch 3/15] lsm stacking v0.3: don't default to dummy_##hook serue
2005-07-27 18:23 ` [patch 4/15] lsm stacking v0.3: swith ->security to hlist serue
2005-07-27 18:24 ` [patch 5/15] lsm stacking v0.3: introduce security_*_value API serue
2005-07-27 18:24 ` [patch 6/15] lsm stacking v0.3: stacker documentation serue
2005-07-27 18:24 ` [patch 7/15] lsm stacking v0.3: actual stacker module serue
2005-07-27 18:25 ` [patch 8/15] lsm stacking v0.3: stackable capabilities lsm serue
2005-07-27 18:26 ` [patch 9/15] lsm stacking v0.3: selinux: update ->security structs serue
2005-07-27 18:26 ` [patch 10/15] lsm stacking v0.3: selinux: use security_*_value API serue
2005-07-27 18:27 ` [patch 11/15] lsm stacking v0.3: selinux: remove secondary support serue
2005-07-27 18:27 ` [patch 12/15] lsm stacking v0.3: hook completeness verification script serue
2005-07-27 18:28 ` [patch 13/15] lsm stacking v0.3: seclvl: update for stacking serue
2005-07-27 18:28 ` [patch 14/15] lsm stacking v0.3: fix security_{del,unlink}_value race serue
2005-07-27 18:28 ` [patch 15/15] lsm stacking v0.3: stacking for digsig serue
2005-07-27 19:34 ` [patch 0/15] lsm stacking v0.3: intro James Morris
2005-07-27 19:37 ` James Morris
2005-08-03 16:45 ` [PATCH] Stacker - single-use static slots serue
2005-08-03 17:57 ` Chris Wright
2005-08-03 19:27 ` serue
2005-08-03 19:45 ` Chris Wright
2005-08-03 20:31 ` serge
2005-08-05 15:55 ` James Morris
2005-08-05 17:27 ` serue
2005-08-05 17:34 ` serue
2005-08-10 14:45 ` serue
2005-08-11 7:42 ` James Morris
2005-08-11 21:22 ` serue
2005-08-11 23:02 ` James Morris
2005-07-27 19:54 ` [patch 0/15] lsm stacking v0.3: intro serue
2005-07-30 5:07 ` Tony Jones [this message]
2005-07-30 19:02 ` serge
2005-07-30 20:18 ` Tony Jones
2005-07-31 3:22 ` Steve Beattie
2005-07-31 3:44 ` serge
2005-07-31 4:13 ` Tony Jones
2005-07-31 13:37 ` serge
2005-07-31 3:53 ` serge