* [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation
@ 2023-10-26 9:02 Roberto Sassu
2023-10-26 14:48 ` Paul Moore
0 siblings, 1 reply; 6+ messages in thread
From: Roberto Sassu @ 2023-10-26 9:02 UTC (permalink / raw)
To: paul, jmorris, serge
Cc: linux-security-module, linux-kernel, zohar, linux-integrity,
Roberto Sassu
From: Roberto Sassu <roberto.sassu@huawei.com>
Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
calculation, used to limit how many LSMs can invoke security_add_hooks().
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
security/security.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/security/security.c b/security/security.c
index 988483fcf153..7281aa90ca20 100644
--- a/security/security.c
+++ b/security/security.c
@@ -44,7 +44,6 @@
(IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
(IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
(IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
- (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \
(IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
(IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
(IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation
2023-10-26 9:02 [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation Roberto Sassu
@ 2023-10-26 14:48 ` Paul Moore
2023-10-26 15:12 ` Roberto Sassu
0 siblings, 1 reply; 6+ messages in thread
From: Paul Moore @ 2023-10-26 14:48 UTC (permalink / raw)
To: Roberto Sassu, jmorris, serge
Cc: linux-security-module, linux-kernel, zohar, linux-integrity,
Roberto Sassu
On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
>
> Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> calculation, used to limit how many LSMs can invoke security_add_hooks().
>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> security/security.c | 1 -
> 1 file changed, 1 deletion(-)
Merged into lsm/dev-staging, thanks!
--
paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation
2023-10-26 14:48 ` Paul Moore
@ 2023-10-26 15:12 ` Roberto Sassu
2023-10-26 15:59 ` Paul Moore
0 siblings, 1 reply; 6+ messages in thread
From: Roberto Sassu @ 2023-10-26 15:12 UTC (permalink / raw)
To: Paul Moore, jmorris, serge
Cc: linux-security-module, linux-kernel, zohar, linux-integrity,
Roberto Sassu
On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> >
> > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > calculation, used to limit how many LSMs can invoke security_add_hooks().
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > ---
> > security/security.c | 1 -
> > 1 file changed, 1 deletion(-)
>
> Merged into lsm/dev-staging, thanks!
Welcome!
Could you please also rebase lsm/dev-staging, to move ab3888c7198d
("LSM: wireup Linux Security Module syscalls") after f7875966dc0c
("tools headers UAPI: Sync files changed by new fchmodat2 and
map_shadow_stack syscalls with the kernel sources")?
Thanks
Roberto
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation
2023-10-26 15:12 ` Roberto Sassu
@ 2023-10-26 15:59 ` Paul Moore
2023-10-26 16:36 ` Paul Moore
0 siblings, 1 reply; 6+ messages in thread
From: Paul Moore @ 2023-10-26 15:59 UTC (permalink / raw)
To: Roberto Sassu
Cc: jmorris, serge, linux-security-module, linux-kernel, zohar,
linux-integrity, Roberto Sassu
On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu
<roberto.sassu@huaweicloud.com> wrote:
> On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> > >
> > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > > calculation, used to limit how many LSMs can invoke security_add_hooks().
> > >
> > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > ---
> > > security/security.c | 1 -
> > > 1 file changed, 1 deletion(-)
> >
> > Merged into lsm/dev-staging, thanks!
>
> Welcome!
>
> Could you please also rebase lsm/dev-staging, to move ab3888c7198d
> ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c
> ("tools headers UAPI: Sync files changed by new fchmodat2 and
> map_shadow_stack syscalls with the kernel sources")?
Let me look into that, as long as it doesn't blow up the stuff in
lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4
which should resolve the syscall numbering conflict.
FWIW, I also hit the same problem with my kernel-secnext builds, if
you're using those RPMs you'll find it's already resolved there.
--
paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation
2023-10-26 15:59 ` Paul Moore
@ 2023-10-26 16:36 ` Paul Moore
2023-11-13 4:06 ` Paul Moore
0 siblings, 1 reply; 6+ messages in thread
From: Paul Moore @ 2023-10-26 16:36 UTC (permalink / raw)
To: Roberto Sassu
Cc: jmorris, serge, linux-security-module, linux-kernel, zohar,
linux-integrity, Roberto Sassu
On Thu, Oct 26, 2023 at 11:59 AM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu
> <roberto.sassu@huaweicloud.com> wrote:
> > On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> > > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> > > >
> > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > > > calculation, used to limit how many LSMs can invoke security_add_hooks().
> > > >
> > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > ---
> > > > security/security.c | 1 -
> > > > 1 file changed, 1 deletion(-)
> > >
> > > Merged into lsm/dev-staging, thanks!
> >
> > Welcome!
> >
> > Could you please also rebase lsm/dev-staging, to move ab3888c7198d
> > ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c
> > ("tools headers UAPI: Sync files changed by new fchmodat2 and
> > map_shadow_stack syscalls with the kernel sources")?
>
> Let me look into that, as long as it doesn't blow up the stuff in
> lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4
> which should resolve the syscall numbering conflict.
>
> FWIW, I also hit the same problem with my kernel-secnext builds, if
> you're using those RPMs you'll find it's already resolved there.
That wasn't very messy so I've rebased lsm/dev-staging to v6.6-rc4 and
regenerated lsm/next. If you notice any problems please let me know.
--
paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation
2023-10-26 16:36 ` Paul Moore
@ 2023-11-13 4:06 ` Paul Moore
0 siblings, 0 replies; 6+ messages in thread
From: Paul Moore @ 2023-11-13 4:06 UTC (permalink / raw)
To: Roberto Sassu
Cc: jmorris, serge, linux-security-module, linux-kernel, zohar,
linux-integrity, Roberto Sassu
On Thu, Oct 26, 2023 at 12:36 PM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, Oct 26, 2023 at 11:59 AM Paul Moore <paul@paul-moore.com> wrote:
> > On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu
> > <roberto.sassu@huaweicloud.com> wrote:
> > > On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> > > > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> > > > >
> > > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > > > > calculation, used to limit how many LSMs can invoke security_add_hooks().
> > > > >
> > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > ---
> > > > > security/security.c | 1 -
> > > > > 1 file changed, 1 deletion(-)
> > > >
> > > > Merged into lsm/dev-staging, thanks!
> > >
> > > Welcome!
> > >
> > > Could you please also rebase lsm/dev-staging, to move ab3888c7198d
> > > ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c
> > > ("tools headers UAPI: Sync files changed by new fchmodat2 and
> > > map_shadow_stack syscalls with the kernel sources")?
> >
> > Let me look into that, as long as it doesn't blow up the stuff in
> > lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4
> > which should resolve the syscall numbering conflict.
> >
> > FWIW, I also hit the same problem with my kernel-secnext builds, if
> > you're using those RPMs you'll find it's already resolved there.
>
> That wasn't very messy so I've rebased lsm/dev-staging to v6.6-rc4 and
> regenerated lsm/next. If you notice any problems please let me know.
Now merged into lsm/dev, thanks Roberto!
--
paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-11-13 4:06 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-26 9:02 [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation Roberto Sassu
2023-10-26 14:48 ` Paul Moore
2023-10-26 15:12 ` Roberto Sassu
2023-10-26 15:59 ` Paul Moore
2023-10-26 16:36 ` Paul Moore
2023-11-13 4:06 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox