From: Casey Schaufler <casey@schaufler-ca.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
john.johansen@canonical.com
Cc: jmorris@namei.org, james.l.morris@oracle.com,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, pmoore@redhat.com,
sds@tycho.nsa.gov, eparis@redhat.com, keescook@chromium.org,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 0/7 v21] LSM: Multiple concurrent LSMs
Date: Fri, 10 Apr 2015 11:27:03 -0700 [thread overview]
Message-ID: <552815F7.1060306@schaufler-ca.com> (raw)
In-Reply-To: <201504102024.HGF17141.SOFFJQOMOFtHLV@I-love.SAKURA.ne.jp>
On 4/10/2015 4:24 AM, Tetsuo Handa wrote:
> This patchset seems to be blocked for waiting for an ACK from AppArmor
> people. John, can you give us ACK?
>
> Apart from ACK from John, I wrote a cleanup patch (shown below) which
> we might want to append to this patchset, though we anyway need to
> refresh this patchset with commit 58bc19542455 in linux-next.git included.
I'm good with all of this except #7. I'll incorporate it in the next
version.
> ----------------------------------------
> From 49f753bb197ed2dda9c7958b5acf9d5458d102ef Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Fri, 10 Apr 2015 13:57:45 +0900
> Subject: [PATCH] Cleanups for LSM: Multiple concurrent LSMs
>
> (1) Move definition of SECURITY_NAME_MAX from include/linux/security.h and
> include/linux/lsm_hooks.h to security/security.c.
>
> (2) Drop "#ifdef CONFIG_SECURITY" from include/linux/lsm_hooks.h because
> all files which include this file depend on CONFIG_SECURITY=y.
>
> (3) Drop comment of removed "union security_list_options"->name member.
>
> (4) Drop cap_netlink_send() which always returns 0.
>
> (5) Simplify security_add_hooks(), and move it from security/security.c
> to include/linux/lsm_hooks.h as an inline function.
>
> (6) Move prototype of yama_add_hooks() and capability_add_hooks() from
> include/linux/security.h to include/linux/lsm_hooks.h, and mark them
> as __init functions.
>
> (7) Move security_delete_hooks() from security/security.c to
> security/selinux/hooks.c.
I don't like this bit as it moves understanding of the module
list mechanism into a security module.
>
> (8) Update comment of prototype of commoncap functions.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
> include/linux/lsm_hooks.h | 33 +++++++++++++++------------------
> include/linux/security.h  | 17 ++---------------
> security/commoncap.c      |  7 +------
> security/security.c       | 28 +++-------------------------
> security/selinux/hooks.c  |  8 ++++++++
> security/yama/yama_lsm.c  |  2 +-
> 6 files changed, 30 insertions(+), 65 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index c86aaf0..3b805de 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -25,19 +25,10 @@
> #define __LINUX_LSM_HOOKS_H
>
> #include <linux/security.h>
> -
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> -#ifdef CONFIG_SECURITY
> +#include <linux/init.h>
> +#include <linux/rculist.h>
>
> /**
> - * Security module identifier.
> - *
> - * @name:
> - * A string that acts as a unique identifier for the LSM with max number
> - * of characters = SECURITY_NAME_MAX.
> - *
> * Security hooks for program execution operations.
> *
> * @bprm_set_creds:
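Review bot: removing the `#ifdef CONFIG_SECURITY` guard at the top of lsm_hooks.h (paired with the `-#endif /* CONFIG_SECURITY */` in the next hunk) rests entirely on the commit message's claim that every includer depends on CONFIG_SECURITY=y; since `<linux/security.h>` is deliberately usable without CONFIG_SECURITY, please list the includers in the log so the claim can be checked, or keep the guard, which costs nothing. The added `<linux/init.h>` and `<linux/rculist.h>` are needed by the `__init` prototypes and the inline `list_add_tail_rcu()` that the next hunk introduces and look right.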
> @@ -1859,14 +1850,20 @@ struct security_hook_list {
>
> extern struct security_hook_heads security_hook_heads;
>
> +static inline void security_add_hooks(struct security_hook_list *hooks,
> + int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_add_tail_rcu(&hooks[i].list, hooks[i].head);
> +}
> +
> /* prototypes */
> -extern int security_module_enable(const char *module);
> -extern void security_add_hooks(struct security_hook_list *hooks, int count);
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -extern void security_delete_hooks(struct security_hook_list *hooks, int count);
> +extern int __init security_module_enable(const char *module);
> +extern void __init capability_add_hooks(void);
> +#ifdef CONFIG_SECURITY_YAMA_STACKED
> +void __init yama_add_hooks(void);
> #endif
>
> -#endif /* CONFIG_SECURITY */
> -
> #endif /* ! __LINUX_LSM_HOOKS_H */
> -
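Review bot: `void __init yama_add_hooks(void);` is missing the `extern` that the two prototypes directly above it carry; make the three declarations consistent. Also, if `security_delete_hooks()` stays in security.c (the maintainer's position on item (7) in this reply), its `#ifdef CONFIG_SECURITY_SELINUX_DISABLE` prototype removed here has to come back. On the inline `security_add_hooks()` itself: `list_add_tail_rcu()` appends at the tail exactly as the removed `list_last_entry()` plus `list_add_rcu()` pair did, and the old `INIT_LIST_HEAD(&hooks[i].list)` was redundant because the add primitive overwrites both links of the new node, so the simplification preserves hook ordering.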
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 04e2a3e..337105f 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -55,9 +55,6 @@ struct xattr;
> struct xfrm_sec_ctx;
> struct mm_struct;
>
> -/* Maximum number of letters for an LSM name string */
> -#define SECURITY_NAME_MAX 10
> -
> /* If capable should audit the security request */
> #define SECURITY_CAP_NOAUDIT 0
> #define SECURITY_CAP_AUDIT 1
> @@ -70,10 +67,7 @@ struct audit_krule;
> struct user_namespace;
> struct timezone;
>
> -/*
> - * These functions are in security/capability.c and are used
> - * as the default capabilities functions
> - */
> +/* These functions are in security/commoncap.c */
> extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
> int cap, int audit);
> extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
> @@ -101,7 +95,6 @@ extern int cap_task_setscheduler(struct task_struct *p);
> extern int cap_task_setioprio(struct task_struct *p, int ioprio);
> extern int cap_task_setnice(struct task_struct *p, int nice);
> extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
> -extern void capability_add_hooks(void);
>
> struct msghdr;
> struct sk_buff;
> @@ -116,8 +109,6 @@ struct xfrm_state;
> struct xfrm_user_sec_ctx;
> struct seq_file;
>
> -extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
> -
> #ifdef CONFIG_MMU
> extern unsigned long mmap_min_addr;
> extern unsigned long dac_mmap_min_addr;
> @@ -1078,7 +1069,7 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void *
>
> static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
> {
> - return cap_netlink_send(sk, skb);
> + return 0;
> }
>
> static inline int security_ismaclabel(const char *name)
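Review bot: a one-line comment saying that this !CONFIG_SECURITY stub intentionally permits every netlink send would save the next reader from chasing the removed `cap_netlink_send()`; the change itself is behaviour-preserving, since that function only ever returned 0.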
> @@ -1653,9 +1644,5 @@ static inline void free_secdata(void *secdata)
> { }
> #endif /* CONFIG_SECURITY */
>
> -#ifdef CONFIG_SECURITY_YAMA_STACKED
> -void yama_add_hooks(void);
> -#endif
> -
> #endif /* ! __LINUX_SECURITY_H */
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index b7f341f..fe76865 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -53,11 +53,6 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
> }
> }
>
> -int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
> -{
> - return 0;
> -}
> -
> /**
> * cap_capable - Determine whether a task has a particular effective capability
> * @cred: The credentials to use
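Review bot: deleting `cap_netlink_send()` must be accompanied by a check that `capability_hooks[]` does not register it; the next hunk shows only the tail of that array (ending at `vm_enough_memory`), so the visible lines cannot rule out an `LSM_HOOK_INIT(netlink_send, cap_netlink_send)` entry above them, and with both the definition and the prototype gone any such entry would fail to build. Please confirm there is none, or drop it in the same patch.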
> @@ -1005,7 +1000,7 @@ struct security_hook_list capability_hooks[] = {
> LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory),
> };
>
> -void capability_add_hooks(void)
> +void __init capability_add_hooks(void)
> {
> security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
> }
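Review bot: `__init` on `capability_add_hooks()` is only safe because `capability_hooks[]` itself stays in regular data: its `struct security_hook_list` entries are linked into the permanent `security_hook_heads` lists, so the array must never become `__initdata` even though its sole writer is now an `__init` function. A short comment above the array stating this would stop a later cleanup from freeing list nodes out from under the hook lists; the same applies to `yama_hooks[]` in the last hunk.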
> diff --git a/security/security.c b/security/security.c
> index be10ea4..e9d7171 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -29,6 +29,9 @@
>
> #define MAX_LSM_EVM_XATTR 2
>
> +/* Maximum number of letters for an LSM name string */
> +#define SECURITY_NAME_MAX 10
> +
> /* Boot-time LSM user choice */
> static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
> CONFIG_DEFAULT_SECURITY;
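Review bot: making `SECURITY_NAME_MAX` private to security.c hides the limit that sizes `chosen_lsm[]` (and therefore caps `CONFIG_DEFAULT_SECURITY`) from the modules that choose their own names, and the doc comment that explained the limit was removed from lsm_hooks.h in the first hunk. A one-line comment at the `security_module_enable()` prototype, or next to this define, noting that names longer than SECURITY_NAME_MAX cannot be selected at boot would preserve that information.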
> @@ -1888,28 +1891,3 @@ struct security_hook_heads security_hook_heads = {
> LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
> #endif /* CONFIG_AUDIT */
> };
> -
> -void security_add_hooks(struct security_hook_list *hooks, int count)
> -{
> - struct security_hook_list *shp;
> - int i;
> -
> - for (i = 0; i < count; i++) {
> - INIT_LIST_HEAD(&hooks[i].list);
> - shp = list_last_entry(hooks[i].head,
> - struct security_hook_list, list);
> - list_add_rcu(&hooks[i].list, &shp->list);
> - }
> -}
> -
> -#ifdef CONFIG_SECURITY_SELINUX_DISABLE
> -
> -void security_delete_hooks(struct security_hook_list *hooks, int count)
> -{
> - int i;
> -
> - for (i = 0; i < count; i++)
> - list_del_rcu(&hooks[i].list);
> -}
> -
> -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
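Review bot: deleting `security_delete_hooks()` here and re-creating it as a static copy inside SELinux is item (7), which the reply above rejects because it moves knowledge of the hook-list mechanism into one security module; the objection-free subset of this hunk is to drop only `security_add_hooks()` (replaced by the inline in lsm_hooks.h) and leave the delete routine and its `CONFIG_SECURITY_SELINUX_DISABLE` guard in place.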
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 3fd8610..cea78f2 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6161,6 +6161,14 @@ static void selinux_nf_ip_exit(void)
> #ifdef CONFIG_SECURITY_SELINUX_DISABLE
> static int selinux_disabled;
>
> +static void security_delete_hooks(struct security_hook_list *hooks, int count)
> +{
> + int i;
> +
> + for (i = 0; i < count; i++)
> + list_del_rcu(&hooks[i].list);
> +}
> +
> int selinux_disable(void)
> {
> if (ss_initialized) {
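Review bot: if this copy survives despite the objection in this thread, it should not keep the `security_` prefix while being `static` to SELinux; a `selinux_` prefix, or a comment that it mirrors the core helper, avoids suggesting a generic API. Functionally `list_del_rcu()` is the right primitive: hook walkers already traversing the list finish safely because the unlinked node's forward pointer is left intact, and no `synchronize_rcu()` is needed before returning provided the unlinked entries live in static data like the `capability_hooks[]` and `yama_hooks[]` arrays elsewhere in this patch.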
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index a6b876d..9ed3250 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -353,7 +353,7 @@ static struct security_hook_list yama_hooks[] = {
> LSM_HOOK_INIT(task_free, yama_task_free),
> };
>
> -void yama_add_hooks(void)
> +void __init yama_add_hooks(void)
> {
> security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
> }