[PATCH v26 15/25] LSM: Ensure the correct LSM context releaser
Paul Moore
paul at paul-moore.com
Fri May 21 20:19:17 UTC 2021
On Thu, May 13, 2021 at 4:24 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
>
> Add a new lsmcontext data structure to hold all the information
> about a "security context", including the string, its size and
> which LSM allocated the string. The allocation information is
> necessary because LSMs have different policies regarding the
> lifecycle of these strings. SELinux allocates and destroys
> them on each use, whereas Smack provides a pointer to an entry
> in a list that never goes away.
>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> Reviewed-by: John Johansen <john.johansen at canonical.com>
> Acked-by: Stephen Smalley <sds at tycho.nsa.gov>
> Acked-by: Chuck Lever <chuck.lever at oracle.com>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> Cc: linux-integrity at vger.kernel.org
> Cc: netdev at vger.kernel.org
> Cc: linux-audit at redhat.com
> Cc: netfilter-devel at vger.kernel.org
> To: Pablo Neira Ayuso <pablo at netfilter.org>
> Cc: linux-nfs at vger.kernel.org
> ---
> drivers/android/binder.c | 10 ++++---
> fs/ceph/xattr.c | 6 ++++-
> fs/nfs/nfs4proc.c | 8 ++++--
> fs/nfsd/nfs4xdr.c | 7 +++--
> include/linux/security.h | 35 +++++++++++++++++++++++--
> include/net/scm.h | 5 +++-
> kernel/audit.c | 14 +++++++---
> kernel/auditsc.c | 12 ++++++---
> net/ipv4/ip_sockglue.c | 4 ++-
> net/netfilter/nf_conntrack_netlink.c | 4 ++-
> net/netfilter/nf_conntrack_standalone.c | 4 ++-
> net/netfilter/nfnetlink_queue.c | 13 ++++++---
> net/netlabel/netlabel_unlabeled.c | 19 +++++++++++---
> net/netlabel/netlabel_user.c | 4 ++-
> security/security.c | 11 ++++----
> 15 files changed, 121 insertions(+), 35 deletions(-)
Acked-by: Paul Moore <paul at paul-moore.com>
--
paul moore
www.paul-moore.com
More information about the Linux-security-module-archive
mailing list