[PATCH v4 00/23] LSM: Module stacking for AppArmor
Casey Schaufler
casey at schaufler-ca.com
Wed Jun 26 21:25:32 UTC 2019
On 6/26/2019 2:04 PM, Kees Cook wrote:
> On Wed, Jun 26, 2019 at 12:22:11PM -0700, Casey Schaufler wrote:
>> This patchset provides the changes required for
>> the AppArmor security module to stack safely with any other.
>>
>> Because of the changes to slot handling and the rework of
>> "display" I have not included the Reviewed-by tags from the
>> previous version.
>>
>> v4: Incorporate feedback from v3
>> - Mark new lsm_<blob>_alloc functions static
>> - Replace the lsm and slot fields of the security_hook_list
>> with a pointer to a LSM allocated lsm_id structure. The
>> LSM identifies if it needs a slot explicitly. Use the
>> lsm_id rather than make security_add_hooks return the
>> slot value.
>> - Validate slot values used in security.c
>> - Reworked the "display" process attribute handling so that
>> it works right and doesn't use goofy list processing.
>> - fix display value check in dentry_init_security
>> - Replace audit_log of secids with '?' instead of deleting
>> the audit log
> I think you missed adding my and John's Reviewed-bys from v3?
See the sentence just before "v4:". I thought that the changes
where sufficient to require re-review. If you don't think they
are, I will happily accept the Reviewed-bys.
More information about the Linux-security-module-archive
mailing list