* [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation @ 2023-10-26 9:02 Roberto Sassu 2023-10-26 14:48 ` Paul Moore 0 siblings, 1 reply; 6+ messages in thread From: Roberto Sassu @ 2023-10-26 9:02 UTC (permalink / raw) To: paul, jmorris, serge Cc: linux-security-module, linux-kernel, zohar, linux-integrity, Roberto Sassu From: Roberto Sassu <roberto.sassu@huawei.com> Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT calculation, used to limit how many LSMs can invoke security_add_hooks(). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- security/security.c | 1 - 1 file changed, 1 deletion(-) diff --git a/security/security.c b/security/security.c index 988483fcf153..7281aa90ca20 100644 --- a/security/security.c +++ b/security/security.c @@ -44,7 +44,6 @@ (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ - (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \ -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation 2023-10-26 9:02 [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation Roberto Sassu @ 2023-10-26 14:48 ` Paul Moore 2023-10-26 15:12 ` Roberto Sassu 0 siblings, 1 reply; 6+ messages in thread From: Paul Moore @ 2023-10-26 14:48 UTC (permalink / raw) To: Roberto Sassu, jmorris, serge Cc: linux-security-module, linux-kernel, zohar, linux-integrity, Roberto Sassu On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT > calculation, used to limit how many LSMs can invoke security_add_hooks(). > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > --- > security/security.c | 1 - > 1 file changed, 1 deletion(-) Merged into lsm/dev-staging, thanks! -- paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation 2023-10-26 14:48 ` Paul Moore @ 2023-10-26 15:12 ` Roberto Sassu 2023-10-26 15:59 ` Paul Moore 0 siblings, 1 reply; 6+ messages in thread From: Roberto Sassu @ 2023-10-26 15:12 UTC (permalink / raw) To: Paul Moore, jmorris, serge Cc: linux-security-module, linux-kernel, zohar, linux-integrity, Roberto Sassu On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote: > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT > > calculation, used to limit how many LSMs can invoke security_add_hooks(). > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > --- > > security/security.c | 1 - > > 1 file changed, 1 deletion(-) > > Merged into lsm/dev-staging, thanks! Welcome! Could you please also rebase lsm/dev-staging, to move ab3888c7198d ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c ("tools headers UAPI: Sync files changed by new fchmodat2 and map_shadow_stack syscalls with the kernel sources")? Thanks Roberto ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation 2023-10-26 15:12 ` Roberto Sassu @ 2023-10-26 15:59 ` Paul Moore 2023-10-26 16:36 ` Paul Moore 0 siblings, 1 reply; 6+ messages in thread From: Paul Moore @ 2023-10-26 15:59 UTC (permalink / raw) To: Roberto Sassu Cc: jmorris, serge, linux-security-module, linux-kernel, zohar, linux-integrity, Roberto Sassu On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote: > > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > > > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT > > > calculation, used to limit how many LSMs can invoke security_add_hooks(). > > > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > > --- > > > security/security.c | 1 - > > > 1 file changed, 1 deletion(-) > > > > Merged into lsm/dev-staging, thanks! > > Welcome! > > Could you please also rebase lsm/dev-staging, to move ab3888c7198d > ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c > ("tools headers UAPI: Sync files changed by new fchmodat2 and > map_shadow_stack syscalls with the kernel sources")? Let me look into that, as long as it doesn't blow up the stuff in lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4 which should resolve the syscall numbering conflict. FWIW, I also hit the same problem with my kernel-secnext builds, if you're using those RPMs you'll find it's already resolved there. -- paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation 2023-10-26 15:59 ` Paul Moore @ 2023-10-26 16:36 ` Paul Moore 2023-11-13 4:06 ` Paul Moore 0 siblings, 1 reply; 6+ messages in thread From: Paul Moore @ 2023-10-26 16:36 UTC (permalink / raw) To: Roberto Sassu Cc: jmorris, serge, linux-security-module, linux-kernel, zohar, linux-integrity, Roberto Sassu On Thu, Oct 26, 2023 at 11:59 AM Paul Moore <paul@paul-moore.com> wrote: > On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu > <roberto.sassu@huaweicloud.com> wrote: > > On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote: > > > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > > > > > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT > > > > calculation, used to limit how many LSMs can invoke security_add_hooks(). > > > > > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > > > --- > > > > security/security.c | 1 - > > > > 1 file changed, 1 deletion(-) > > > > > > Merged into lsm/dev-staging, thanks! > > > > Welcome! > > > > Could you please also rebase lsm/dev-staging, to move ab3888c7198d > > ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c > > ("tools headers UAPI: Sync files changed by new fchmodat2 and > > map_shadow_stack syscalls with the kernel sources")? > > Let me look into that, as long as it doesn't blow up the stuff in > lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4 > which should resolve the syscall numbering conflict. > > FWIW, I also hit the same problem with my kernel-secnext builds, if > you're using those RPMs you'll find it's already resolved there. That wasn't very messy so I've rebased lsm/dev-staging to v6.6-rc4 and regenerated lsm/next. If you notice any problems please let me know. -- paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation 2023-10-26 16:36 ` Paul Moore @ 2023-11-13 4:06 ` Paul Moore 0 siblings, 0 replies; 6+ messages in thread From: Paul Moore @ 2023-11-13 4:06 UTC (permalink / raw) To: Roberto Sassu Cc: jmorris, serge, linux-security-module, linux-kernel, zohar, linux-integrity, Roberto Sassu On Thu, Oct 26, 2023 at 12:36 PM Paul Moore <paul@paul-moore.com> wrote: > On Thu, Oct 26, 2023 at 11:59 AM Paul Moore <paul@paul-moore.com> wrote: > > On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu > > <roberto.sassu@huaweicloud.com> wrote: > > > On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote: > > > > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > > > > > > > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT > > > > > calculation, used to limit how many LSMs can invoke security_add_hooks(). > > > > > > > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > > > > --- > > > > > security/security.c | 1 - > > > > > 1 file changed, 1 deletion(-) > > > > > > > > Merged into lsm/dev-staging, thanks! > > > > > > Welcome! > > > > > > Could you please also rebase lsm/dev-staging, to move ab3888c7198d > > > ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c > > > ("tools headers UAPI: Sync files changed by new fchmodat2 and > > > map_shadow_stack syscalls with the kernel sources")? > > > > Let me look into that, as long as it doesn't blow up the stuff in > > lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4 > > which should resolve the syscall numbering conflict. > > > > FWIW, I also hit the same problem with my kernel-secnext builds, if > > you're using those RPMs you'll find it's already resolved there. > > That wasn't very messy so I've rebased lsm/dev-staging to v6.6-rc4 and > regenerated lsm/next. If you notice any problems please let me know. Now merged into lsm/dev, thanks Roberto! -- paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-11-13 4:06 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-10-26 9:02 [PATCH] security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation Roberto Sassu 2023-10-26 14:48 ` Paul Moore 2023-10-26 15:12 ` Roberto Sassu 2023-10-26 15:59 ` Paul Moore 2023-10-26 16:36 ` Paul Moore 2023-11-13 4:06 ` Paul Moore
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox