[PATCH v38 09/39] LSM: Add the lsmblob data structure.

Mickaël Salaün mic at digikod.net
Wed Oct 12 21:18:33 UTC 2022


On 27/09/2022 21:53, Casey Schaufler wrote:
> When more than one security module is exporting data to
> audit and networking sub-systems a single 32 bit integer
> is no longer sufficient to represent the data. Add a
> structure to be used instead.
> 
> The lsmblob structure is currently an array of
> u32 "secids". There is an entry for each of the security
> modules built into the system that would use secids if
> active. The system assigns the module a "slot" when it
> registers hooks. If modules are compiled in but not
> registered there will be unused slots. The slot number
> is added to the lsm_id structure.
> 
> The audit rules data is expanded to use an array of
> security module data rather than a single instance.
> A new structure audit_lsm_rules is defined to avoid the
> confusion which commonly accompanies the use of
> void ** parameters.
> 
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---

[...]

> diff --git a/security/landlock/setup.c b/security/landlock/setup.c
> index 1242c61c9de4..adbe941370f3 100644
> --- a/security/landlock/setup.c
> +++ b/security/landlock/setup.c
> @@ -27,6 +27,7 @@ struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = {
>   struct lsm_id landlock_lsmid __lsm_ro_after_init = {
>   	.lsm      = LANDLOCK_NAME,
>   	.id       = LSM_ID_LANDLOCK,
> +	.slot     = LSMBLOB_NOT_NEEDED,
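
Review bot: the added `.slot` initializer in landlock_lsmid uses LSMBLOB_NOT_NEEDED, a value the commit message never mentions; the message only says that the system assigns a slot when a module registers hooks and that unregistered modules leave slots unused. A short comment on this line, or one sentence in the commit message, stating what LSMBLOB_NOT_NEEDED means for slot assignment would let a reader confirm that Landlock is deliberately left out of the lsmblob secid array rather than simply left unassigned.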

Please only use one space after ".slot"


