From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
casey@schaufler-ca.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
selinux@vger.kernel.org, mic@digikod.net,
apparmor@lists.ubuntu.com, bpf@vger.kernel.org
Subject: Re: [PATCH v2 1/13] LSM: Add the lsmblob data structure.
Date: Tue, 03 Sep 2024 20:18:28 -0400 [thread overview]
Message-ID: <0a6ba6a6dbd423b56801b84b01fa8c41@paul-moore.com> (raw)
In-Reply-To: <20240830003411.16818-2-casey@schaufler-ca.com>
On Aug 29, 2024 Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> When more than one security module is exporting data to audit and
> networking sub-systems a single 32 bit integer is no longer
> sufficient to represent the data. Add a structure to be used instead.
>
> The lsmblob structure definition is intended to keep the LSM
> specific information private to the individual security modules.
> The module specific information is included in a new set of
> header files under include/lsm. Each security module is allowed
> to define the information included for its use in the lsmblob.
> SELinux includes a u32 secid. Smack includes a pointer into its
> global label list. The conditional compilation based on feature
> inclusion is contained in the include/lsm files.
>
> Suggested-by: Paul Moore <paul@paul-moore.com>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> Cc: apparmor@lists.ubuntu.com
> Cc: bpf@vger.kernel.org
> Cc: selinux@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> ---
> include/linux/lsm/apparmor.h | 17 +++++++++++++++++
> include/linux/lsm/bpf.h | 16 ++++++++++++++++
> include/linux/lsm/selinux.h | 16 ++++++++++++++++
> include/linux/lsm/smack.h | 17 +++++++++++++++++
> include/linux/security.h | 20 ++++++++++++++++++++
> 5 files changed, 86 insertions(+)
> create mode 100644 include/linux/lsm/apparmor.h
> create mode 100644 include/linux/lsm/bpf.h
> create mode 100644 include/linux/lsm/selinux.h
> create mode 100644 include/linux/lsm/smack.h
...
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 1390f1efb4f0..0057a22137e8 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -34,6 +34,10 @@
> #include <linux/sockptr.h>
> #include <linux/bpf.h>
> #include <uapi/linux/lsm.h>
> +#include <linux/lsm/selinux.h>
> +#include <linux/lsm/smack.h>
> +#include <linux/lsm/apparmor.h>
> +#include <linux/lsm/bpf.h>
>
> struct linux_binprm;
> struct cred;
> @@ -140,6 +144,22 @@ enum lockdown_reason {
> LOCKDOWN_CONFIDENTIALITY_MAX,
> };
>
> +/* scaffolding */
> +struct lsmblob_scaffold {
> + u32 secid;
> +};
> +
> +/*
> + * Data exported by the security modules
> + */
> +struct lsmblob {
> + struct lsmblob_selinux selinux;
> + struct lsmblob_smack smack;
> + struct lsmblob_apparmor apparmor;
> + struct lsmblob_bpf bpf;
> + struct lsmblob_scaffold scaffold;
> +};
Warning, top shelf bikeshedding follows ...
I believe that historically when we've talked about the "LSM blob" we've
usually been referring to the opaque buffers used to store LSM state that
we attach to a number of kernel structs using the `void *security` field.
At least that is what I think of when I read "struct lsmblob", and I'd
like to get ahead of the potential confusion while we still can.
Casey, I'm sure you're priority is simply getting this merged and you
likely care very little about the name (as long as it isn't too horrible),
but what about "lsm_ref"? Other ideas are most definitely welcome.
I'm not going to comment on all the other related occurrences in the
patchset, but all the "XXX_lsmblob_XXX" functions should be adjusted based
on what we name the struct, e.g. "XXX_lsmref_XXX".
--
paul-moore.com
next prev parent reply other threads:[~2024-09-04 0:18 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240830003411.16818-1-casey@schaufler-ca.com>
2024-08-30 0:33 ` [PATCH v2 01/13] LSM: Add the lsmblob data structure Casey Schaufler
2024-09-04 0:18 ` Paul Moore [this message]
2024-09-04 0:53 ` [PATCH v2 1/13] " Casey Schaufler
2024-09-04 20:00 ` Paul Moore
2024-09-04 20:28 ` Casey Schaufler
2024-09-04 20:36 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0a6ba6a6dbd423b56801b84b01fa8c41@paul-moore.com \
--to=paul@paul-moore.com \
--cc=apparmor@lists.ubuntu.com \
--cc=bpf@vger.kernel.org \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox