[PATCH v38 04/39] LSM: Maintain a table of LSM attribute data
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Thu Oct 13 10:04:05 UTC 2022
On 2022/09/28 4:53, Casey Schaufler wrote:
> @@ -483,6 +491,16 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
> {
> int i;
>
> + /*
> + * A security module may call security_add_hooks() more
> + * than once. Landlock is one such case.
> + */
> + if (lsm_id == 0 || lsm_idlist[lsm_id - 1] != lsmid)
> + lsm_idlist[lsm_id++] = lsmid;
> +
> + if (lsm_id > LSMID_ENTRIES)
> + panic("%s Too many LSMs registered.\n", __func__);
I'm not happy with LSMID_ENTRIES. This is a way towards forever forbidding LKM-based LSMs.
I'm fine with using UAPI-visible constants for switching /proc/ files.
But TOMOYO does not need such constant because TOMOYO does not use /proc/ files.
Also, lsm_self_attr() will be limited for LSM modules which use /proc/ files, and
therefore I think prctl() will be already there.
> +
> for (i = 0; i < count; i++) {
> hooks[i].lsmid = lsmid;
> hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
More information about the Linux-security-module-archive
mailing list