From: "Dr. Greg" <greg@enjellic.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-security-module@vger.kernel.org
Subject: Re: [PATCH 05/14] Add TSEM master header file.
Date: Sun, 5 Feb 2023 18:10:25 -0600
Message-ID: <20230206001025.GA16594@wind.enjellic.com>
In-Reply-To: <ecb168ef-b82d-fd61-f2f8-54a4ef8c3b48@schaufler-ca.com>

On Sat, Feb 04, 2023 at 06:58:08PM -0800, Casey Schaufler wrote:

> On 2/3/2023 9:09 PM, Dr. Greg wrote:
> > TSEM is designed, from a functional perspective, to be contained
> > entirely in its own directory.
> >
> > The tsem.h header file defines the enumeration types, structure
> > definitions and externally visible functions that are referenced
> > by the TSEM LSM implementation.

Hi Casey, thanks for taking the time to look at all of this and raise
issues, we appreciate the feedback.

> This is really awkward.

With respect to awkward, those who know me well would never accuse me
of terpsichoric elegance, either balletic or in technology.... :-)

> Without the uses of the structures and constants it's very difficult
> to understand how any of this makes sense. It would be easier to
> review if the structures and constants were introduced as they are
> used rather than being presented in one massive dump.

With respect to any of this making sense, we've read and studied the
existing LSMs fairly extensively as we built TSEM, we accept our
prejudices of course, but we think that TSEM is probably one of the
easiest to follow conceptually.

Doesn't mean we can't do better though, particularly as we look at the
issue of that header file retrospectively.

I think where the presentation of the structures and enumeration
types, as a single entity falls down, is not explicitly documenting
the role and function of the structures and constants in that file.

We did that for the external functions in the compilation units and
should have done that for the contents of the include file.

I'm not sure that adding things to the include file incrementally will
be any more understandable without more explicit documentation. If we
document them now, it should help not only the review process but
anyone who needs to look at the code down the road with a mind on
understanding what is going on.

Having the include file introduced as a standalone entity also assists
in reliably rolling a review patch set. It is already easy enough to
make a mistake and we don't want to waste reviewer time and list
bandwidth with a blown patchset.

We will collect whatever additional comments are forthcoming and fully
document the contents of that file for the second spin of the patch.

Thanks again for your observations.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity