From: "Maxime Bélair" <maxime.belair@canonical.com>
To: Song Liu <song@kernel.org>
Cc: linux-security-module@vger.kernel.org,
john.johansen@canonical.com, paul@paul-moore.com,
jmorris@namei.org, serge@hallyn.com, mic@digikod.net,
kees@kernel.org, stephen.smalley.work@gmail.com,
casey@schaufler-ca.com, takedakn@nttdata.co.jp,
penguin-kernel@i-love.sakura.ne.jp, linux-api@vger.kernel.org,
apparmor@lists.ubuntu.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/3] lsm: introduce security_lsm_manage_policy hook
Date: Wed, 7 May 2025 17:37:25 +0200 [thread overview]
Message-ID: <bc252425-2703-48c4-a1fa-9268124c2386@canonical.com> (raw)
In-Reply-To: <CAPhsuW7q1hvOG7-uG2C8d_wWnOhEmvTmwnBcXZYVX-oJ8=5FJQ@mail.gmail.com>
On 5/7/25 08:19, Song Liu wrote:
> On Tue, May 6, 2025 at 7:40 AM Maxime Bélair
> <maxime.belair@canonical.com> wrote:
>>
>> Define a new LSM hook security_lsm_manage_policy and wire it into the
>> lsm_manage_policy() syscall so that LSMs can register a unified interface
>> for policy management. This initial, minimal implementation only supports
>> the LSM_POLICY_LOAD operation to limit changes.
>>
>> Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
> [...]
>> diff --git a/security/security.c b/security/security.c
>> index fb57e8fddd91..256104e338b1 100644
>> --- a/security/security.c
>> +++ b/security/security.c
>> @@ -5883,6 +5883,27 @@ int security_bdev_setintegrity(struct block_device *bdev,
>> }
>> EXPORT_SYMBOL(security_bdev_setintegrity);
>>
>> +/**
>> + * security_lsm_manage_policy() - Manage the policies of LSMs
>> + * @lsm_id: id of the lsm to target
>> + * @op: Operation to perform (one of the LSM_POLICY_XXX values)
>> + * @buf: userspace pointer to policy data
>> + * @size: size of @buf
>> + * @flags: lsm policy management flags
>> + *
>> + * Manage the policies of a LSM. This notably allows to update them even when
>> + * the lsmfs is unavailable is restricted. Currently, only LSM_POLICY_LOAD is
>> + * supported.
>> + *
>> + * Return: Returns 0 on success, error on failure.
>> + */
>> +int security_lsm_manage_policy(u32 lsm_id, u32 op, void __user *buf,
>> + size_t size, u32 flags)
>> +{
>> + return call_int_hook(lsm_manage_policy, lsm_id, op, buf, size, flags);
>
> If the LSM doesn't implement this hook, sys_lsm_manage_policy will return 0
> for any inputs, right? This is gonna be so confusing for users.
Indeed, that was an oversight. It will return -EOPNOTSUPP in the next patch revision.
>
> Thanks,
> Song
Thanks,
Maxime
next prev parent reply other threads:[~2025-05-07 15:37 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-06 14:32 [PATCH 0/3] lsm: introduce lsm_manage_policy() syscall Maxime Bélair
2025-05-06 14:32 ` [PATCH 1/3] Wire up the lsm_manage_policy syscall Maxime Bélair
2025-05-07 6:26 ` Song Liu
2025-05-07 15:37 ` Maxime Bélair
2025-05-07 22:04 ` Tetsuo Handa
2025-05-08 7:52 ` John Johansen
2025-05-09 10:25 ` Mickaël Salaün
2025-05-11 11:09 ` John Johansen
2025-05-08 6:06 ` Song Liu
2025-05-08 8:18 ` John Johansen
2025-05-09 10:26 ` Mickaël Salaün
2025-05-11 10:47 ` John Johansen
2025-05-12 10:20 ` Mickaël Salaün
2025-05-17 7:59 ` John Johansen
2025-05-08 7:12 ` John Johansen
2025-05-07 13:58 ` kernel test robot
2025-05-06 14:32 ` [PATCH 2/3] lsm: introduce security_lsm_manage_policy hook Maxime Bélair
2025-05-07 6:19 ` Song Liu
2025-05-07 15:37 ` Maxime Bélair [this message]
2025-05-08 8:20 ` John Johansen
2025-05-07 10:40 ` Tetsuo Handa
2025-05-07 15:37 ` Maxime Bélair
2025-05-07 20:25 ` Paul Moore
2025-05-08 8:29 ` John Johansen
2025-05-08 16:54 ` Casey Schaufler
2025-05-09 10:26 ` Mickaël Salaün
2025-05-09 14:21 ` Casey Schaufler
2025-05-11 11:26 ` John Johansen
2025-05-11 11:20 ` John Johansen
2025-05-08 8:25 ` John Johansen
2025-05-08 12:55 ` Tetsuo Handa
2025-05-08 14:44 ` John Johansen
2025-05-08 15:07 ` Tetsuo Handa
2025-05-09 3:25 ` John Johansen
2025-05-07 12:04 ` kernel test robot
2025-05-06 14:32 ` [PATCH 3/3] AppArmor: add support for lsm_manage_policy Maxime Bélair
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bc252425-2703-48c4-a1fa-9268124c2386@canonical.com \
--to=maxime.belair@canonical.com \
--cc=apparmor@lists.ubuntu.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=kees@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=takedakn@nttdata.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox