[PATCH 1/1] NAX LSM: Add initial support support

Igor Zhbanov izh1979 at gmail.com
Fri Aug 13 08:05:01 UTC 2021

Hi Simon,

> Yes, what I meant was that maybe you could just declare it at the beginning of the function,
> and not use it at all in the sysctl table. Because as I see it, you only use allowed_caps_hex in the sysctl
> table to copy the string to that temporary (variable), and its use is limited to that one function.
> Instead of:
> +               if ((error = proc_dostring(table, write, buffer, lenp, ppos)))
> +                       return error;
> You could probably get away with something like:
>+       strncpy(allowed_caps_hex, buffer, ALLOWED_CAPS_HEX_LEN + 1);

proc_dostring() is more than simple strncpy(). It is handling offsets too.
I.e. if a user will try to write not from the starting position. But
I've seen that some
functions simply create an instance of struct ctl_table, fill it and
call needed function.


More information about the Linux-security-module-archive mailing list