Re: [PATCH -mm 1/4] LSM: Introduce inode_getsecid and ipc_getsecid hooks

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Paul Moore <paul.moore@hp.com>
To: "Ahmed S. Darwish" <darwish.07@gmail.com>
Cc: Chris Wright <chrisw@sous-sol.org>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <jmorris@namei.org>,
	Eric Paris <eparis@parisplace.org>,
	Casey Schaufler <casey@schaufler-ca.com>,
	David Woodhouse <dwmw2@infradead.org>,
	linux-security-module@vger.kernel.org,
	LKML <linux-kernel@vger.kernel.org>,
	akpm <akpm@linux-foundation.org>
Subject: Re: [PATCH -mm 1/4] LSM: Introduce inode_getsecid and ipc_getsecid hooks
Date: Wed, 27 Feb 2008 11:04:57 -0500	[thread overview]
Message-ID: <200802271104.57815.paul.moore@hp.com> (raw)
In-Reply-To: <20080226232411.GB12059@ubuntu>

On Tuesday 26 February 2008 6:24:11 pm Ahmed S. Darwish wrote:
> Introduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid)
> LSM hooks.
>
> This hooks will be used instead of similar exported SELinux
> interfaces.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
> ---
>
>  include/linux/security.h |   18 ++++++++++++++++++
>  security/dummy.c         |   12 ++++++++++++
>  security/security.c      |   12 ++++++++++++
>  3 files changed, 42 insertions(+)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index a33fd03..a7fb136 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -449,6 +449,10 @@ struct request_sock;
>   *	@dentry is the dentry being changed.
>   *	Return 0 on success.  If error is returned, then the operation
>   *	causing setuid bit removal is failed.
> + * @inode_getsecid:
> + *      Get the secid associated with the node
> + *      @inode contains a pointer to the inode
> + *      @secid contains a pointer to the location to store the
> result *
>   * Security hooks for file operations
>   *
> @@ -989,6 +993,10 @@ struct request_sock;
>   *	@ipcp contains the kernel IPC permission structure
>   *	@flag contains the desired (requested) permission set
>   *	Return 0 if permission is granted.
> + * @ipc_getsecid:
> + *      Get the secid associated with the ipc object
> + *      @ipcp contains the kernel IPC permission structure
> + *      @secid contains a pointer to the location where result will
> be saved

See my other comments about tabs not spaces.

> +static inline void security_inode_getsecid(const struct inode
> *inode, u32 *secid)
> +{ } 

...

> +static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp,
> u32 *secid)
> +{ } 

Should these both do a  "*secid = 0;"?

> diff --git a/security/dummy.c b/security/dummy.c
> index 6a0056b..c2f4c52 100644
> --- a/security/dummy.c
> +++ b/security/dummy.c
> @@ -422,6 +422,11 @@ static int dummy_inode_listsecurity(struct inode
> *inode, char *buffer, size_t bu return 0;
>  }
>
> +static void dummy_inode_getsecid(const struct inode *inode, u32
> *secid)
> +{ 
> +	return;
> +}

...

> +static void dummy_ipc_getsecid(struct kern_ipc_perm *ipcp, u32
> *secid)
> +{ 
> +	return;
> +}

Same question.

-- 
paul moore
linux security @ hp

next prev parent reply	other threads:[~2008-02-27 16:05 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-26 23:22 [PATCH -mm 0/4] LSM interfaced Audit (SELinux audit separation) Ahmed S. Darwish
2008-02-26 23:24 ` [PATCH -mm 1/4] LSM: Introduce inode_getsecid and ipc_getsecid hooks Ahmed S. Darwish
2008-02-27 16:04   ` Paul Moore [this message]
2008-02-27 16:45     ` Ahmed S. Darwish
2008-02-26 23:25 ` [PATCH -mm 2/4] SELinux: Remove various exported symbols Ahmed S. Darwish
2008-02-26 23:42   ` Paul Moore
2008-02-26 23:28 ` [PATCH -mm 3/4] Audit: start not to use SELinux " Ahmed S. Darwish
2008-02-27 16:00   ` Paul Moore
2008-02-27 17:11     ` Ahmed S. Darwish
2008-02-27 22:25       ` James Morris
2008-02-26 23:31 ` [PATCH -mm 4/4] Netlink: Use LSM interface instead of SELinux one Ahmed S. Darwish

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200802271104.57815.paul.moore@hp.com \
    --to=paul.moore@hp.com \
    --cc=akpm@linux-foundation.org \
    --cc=casey@schaufler-ca.com \
    --cc=chrisw@sous-sol.org \
    --cc=darwish.07@gmail.com \
    --cc=dwmw2@infradead.org \
    --cc=eparis@parisplace.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=sds@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.