[PATCH v15 02/23] LSM: Create and manage the lsmblob data structure.

Stephen Smalley sds at tycho.nsa.gov
Tue Feb 18 17:56:42 UTC 2020


On 2/14/20 6:41 PM, Casey Schaufler wrote:
> When more than one security module is exporting data to
> audit and networking sub-systems a single 32 bit integer
> is no longer sufficient to represent the data. Add a
> structure to be used instead.
> 
> The lsmblob structure is currently an array of
> u32 "secids". There is an entry for each of the
> security modules built into the system that would
> use secids if active. The system assigns the module
> a "slot" when it registers hooks. If modules are
> compiled in but not registered there will be unused
> slots.
> 
> A new lsm_id structure, which contains the name
> of the LSM and its slot number, is created. There
> is an instance for each LSM, which assigns the name
> and passes it to the infrastructure to set the slot.
> 
> The audit rules data is expanded to use an array of
> security module data rather than a single instance.
> Because IMA uses the audit rule functions it is
> affected as well.
> 
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>

Acked-by: Stephen Smalley <sds at tycho.nsa.gov>

[...]
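The slot scheme described in the commit message above, as an added user-space sketch that is not code from the patch or from the kernel. All `model_*` names, the slot count of 3, and treating a secid of 0 as "not set" are assumptions made for illustration.

```c
/* Added illustration: user-space model only; names and sizes are assumed. */
#include <stdint.h>
#include <stddef.h>
#define MODEL_SLOTS 3            /* assumed: compiled-in modules that use secids */
#define MODEL_SLOT_UNSET (-1)    /* module has not registered hooks yet */

struct model_lsm_id {            /* module name plus the slot it was given */
    const char *name;
    int slot;
};

struct model_lsmblob {           /* one u32 secid per slot */
    uint32_t secid[MODEL_SLOTS];
};

static int model_next_slot;      /* number of slots handed out so far */

/* Hand out the next free slot when a module registers; -1 if none is left. */
int model_register(struct model_lsm_id *id)
{
    if (id->slot != MODEL_SLOT_UNSET)
        return id->slot;         /* registering twice keeps the same slot */
    if (model_next_slot >= MODEL_SLOTS)
        return -1;
    id->slot = model_next_slot++;
    return id->slot;
}

/* Store a module's secid in its own slot; unregistered modules are refused. */
int model_set_secid(struct model_lsmblob *blob,
                    const struct model_lsm_id *id, uint32_t secid)
{
    if (id->slot < 0 || id->slot >= MODEL_SLOTS)
        return -1;
    blob->secid[id->slot] = secid;
    return 0;
}

/* A blob carries data if any slot is non-zero (assumed "unset" value: 0). */
int model_blob_is_set(const struct model_lsmblob *blob)
{
    for (size_t i = 0; i < MODEL_SLOTS; i++)
        if (blob->secid[i] != 0)
            return 1;
    return 0;
}

/* Slots never handed out: modules compiled in but not registered. */
int model_unused_slots(void) { return MODEL_SLOTS - model_next_slot; }
```

A consumer that previously compared a single u32 now has to consider every slot, which is why the audit rule data grows to an array alongside the blob.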


