[PATCH v2 00/25] LSM: Module stacking for AppArmor
Kees Cook
keescook at chromium.org
Wed Jun 19 05:21:42 UTC 2019
On Tue, Jun 18, 2019 at 04:05:26PM -0700, Casey Schaufler wrote:
> Patches 0004-0014 replace system use of a "secid" with
> a structure "lsmblob" containing information from the
> security modules to be held and reused later. At this
> point lsmblob contains an array of u32 secids, one "slot"
> for each of the security modules compiled into the
> kernel that used secids. A "slot" is allocated when
> a security module registers a hook for one of the interfaces
> that uses a secid or a security context. The infrastructure
> is changed to use the slot number to pass the correct
> secid to or from the security module hooks.
I found 14/25 in your git tree. Very satisfying to see all the
scaffolding vanish for process_measurement() :)
I like this progression in 4-14; I find it much much easier to review.
My only complaint is the variable names. I think I'd prefer "blob" over
"le" or "l", which are both contain very little information about what
they are.
--
Kees Cook
More information about the Linux-security-module-archive
mailing list