From: John Johansen <john.johansen@canonical.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [AppArmor #6 0/13] AppArmor security module
Date: Thu, 29 Jul 2010 03:44:35 -0700 [thread overview]
Message-ID: <4C515B93.9000403@canonical.com> (raw)
In-Reply-To: <201007281548.HFC39035.LHMFOFtJOFVQOS@I-love.SAKURA.ne.jp>
On 07/27/2010 11:48 PM, Tetsuo Handa wrote:
> John Johansen wrote:
>> With this submission we believe AppArmor is ready for inclusion into
>> the kernel.
> If nobody has objection, I think it is time to add AppArmor for Linux 2.6.36.
>
>
>
> LXR as of 9788eb59 "AppArmor: Remove delegate information from permission struct"
> is at http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/?v=apparmor-dev .
>
> Comments listed below. All trivial.
>
>
>
> Regarding apparmorfs.c
>
> 142 static struct dentry *aa_fs_dentry;
>
> You can add "__initdata".
done
>
> static void aafs_remove(const char *name)
>
> You can add "__init".
>
done
> 163 static int aafs_create(const char *name, int mask,
> 164 const struct file_operations *fops)
>
> You can add "__init".
>
done
> 179 void aa_destroy_aafs(void)
>
> You can add "__init".
>
done
> 198 int aa_create_aafs(void)
>
> You can add "static" and "__init".
>
done
>
>
> Regarding audit.c
>
> 179 int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
> 180 struct common_audit_data *sa,
> 181 void (*cb) (struct audit_buffer *, void *))
> 182 {
> 183 BUG_ON(!profile);
> (...snipped...)
> 200 if (profile && KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
> 201 type = AUDIT_APPARMOR_KILL;
> 202
> 203 if (profile && !unconfined(profile))
> 204 sa->aad.profile = profile;
>
> profile != NULL already chedked.
done
>
>
>
> Regarding capability.c
>
> 59 * Returns: 0 or sa->error on succes, error code on failure
>
> s/succes/success/
done + spell checked the rest of the comments
>
>
>
> Regarding domain.c
>
> 201 * Either the profile or namespace name may be optional but if the namespace
> 202 * is specified the profile name termination must be present. This results
> 203 * in the following possible encodings:
> 204 * profile_name\0
> 205 * :ns_name\0profile_name\0
> 206 * :ns_name\0\0
> 207 *
> 208 * NOTE: the xtable fqname is prevalidated at load time in unpack_trans_table
> 209 *
> 210 * Returns: profile name if it is specified else NULL
> 211 */
> 212 static const char *separate_fqname(const char *fqname, const char **ns_name)
> 213 {
> 214 const char *name;
> 215
> 216 if (fqname[0] == ':') {
> 217 *ns_name = fqname + 1; /* skip : */
>
> Maybe
>
> BUG_ON(!*ns_name);
>
> or something is wanted in case fqname by error received ':' + '\0' rather than
> ':' + '\0' + '\0'.
>
Hrrm, it really shouldn't be necessary. As mentioned in the comments this is verified
at load time. I have added an extra comment in the code regarding this, and also
updated the comments in unpack_trans_table to highlight the null terminator checking
for both the single case and for the leading ':' case which requires two.
> 218 name = *ns_name + strlen(*ns_name) + 1;
> 219 if (!*name)
> 220 name = NULL;
>
>
>
> Regarding lib.c
>
> 61 void aa_info_message(const char *str)
> 62 {
> 63 if (audit_enabled) {
> 64 struct common_audit_data sa;
> 65 COMMON_AUDIT_DATA_INIT(&sa, NONE);
> 66 sa.aad.info = str;
> 67 printk(KERN_INFO "AppArmor: %s\n", str);
>
> You want to skip printk() if !audit_enabled?
>
No, it should be outside the if thanks
> 68 aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
> 69 }
> 70 }
>
> 81 void *kvmalloc(size_t size)
> 82 {
> 83 void *buffer = NULL;
> 84
> 85 if (size == 0)
> 86 return NULL;
> 87
> 88 /* do not attempt kmalloc if we need more than 16 pages at once */
> 89 if (size <= (16*PAGE_SIZE))
> 90 buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
> 91 if (!buffer) {
>
> Please add "/* See kvfree() for reason to round up. */" or something.
>
done
> 92 if (size < sizeof(struct work_struct))
> 93 size = sizeof(struct work_struct);
> 94 buffer = vmalloc(size);
>
>
>
> Regarding lsm.c
>
> 39 int apparmor_initialized;
>
> You can add "__initdata".
>
done
>
>
> Regarding policy_unpack.c
>
> 361 * Returns: 1 if table succesfully unpacked
>
> s/succesfully/successfully/
>
done
>
>
> Regarding include/apparmor.h
>
> 50 extern int apparmor_initialized;
>
> You can add "__initdata".
>
done
>
>
> Regarding include/apparmorfs.h
>
> 18 extern void aa_destroy_aafs(void);
>
> You can add "__init".
>
done
>
>
> Regarding include/policy.h
>
> 71 #define AA_NEW_SID 0
>
> This symbol is not used.
>
removed
> 254 * @profile: the profile to check for newer versions of (NOT NULL)
> (...snipped...)
> 263 static inline struct aa_profile *aa_newest_version(struct aa_profile *profile)
> 264 {
> 265 if (unlikely(profile && profile->replacedby))
> 266 for (; profile->replacedby; profile = profile->replacedby)
>
> Comment says profile != NULL. Maybe
>
> static inline struct aa_profile *aa_newest_version(struct aa_profile *profile)
> {
> while (profile->replacedby)
> profile = profile->replacedby;
> }
>
done
next prev parent reply other threads:[~2010-07-29 10:44 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-27 2:57 [AppArmor #6 0/13] AppArmor security module John Johansen
2010-07-27 2:57 ` [PATCH 01/13] AppArmor: misc. base functions and defines John Johansen
2010-07-27 2:57 ` [PATCH 02/13] AppArmor: basic auditing infrastructure John Johansen
2010-07-27 2:57 ` [PATCH 03/13] AppArmor: contexts used in attaching policy to system objects John Johansen
2010-07-27 2:57 ` [PATCH 04/13] AppArmor: core policy routines John Johansen
2010-07-27 2:57 ` [PATCH 05/13] AppArmor: dfa match engine John Johansen
2010-07-27 2:57 ` [PATCH 06/13] AppArmor: policy routines for loading and unpacking policy John Johansen
2010-07-27 2:57 ` [PATCH 07/13] AppArmor: userspace interfaces John Johansen
2010-07-27 2:57 ` [PATCH 08/13] AppArmor: file enforcement routines John Johansen
2010-07-27 2:57 ` [PATCH 09/13] AppArmor: mediation of non file objects John Johansen
2010-07-27 2:57 ` [PATCH 10/13] AppArmor: domain functions for domain transition John Johansen
2010-07-27 2:57 ` [PATCH 11/13] AppArmor: LSM interface, and security module initialization John Johansen
2010-07-27 2:57 ` [PATCH 12/13] AppArmor: Enable configuring and building of the AppArmor security module John Johansen
2010-07-27 2:57 ` [PATCH 13/13] AppArmor: update Maintainer and Documentation/kernel-parameters.txt John Johansen
2010-07-28 17:46 ` Randy Dunlap
2010-07-28 23:12 ` John Johansen
2010-07-28 6:48 ` [AppArmor #6 0/13] AppArmor security module Tetsuo Handa
2010-07-29 2:36 ` Casey Schaufler
2010-07-29 10:44 ` John Johansen [this message]
2010-07-31 6:15 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C515B93.9000403@canonical.com \
--to=john.johansen@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.