[PATCH v2] lsm: adds process attribute getter for Landlock

Mickaël Salaün mic at digikod.net
Wed May 31 13:01:03 UTC 2023


On 30/05/2023 20:02, Jeff Xu wrote:
>>>>
>>>> As I believe we are in the latter stages of review for the syscall
>>>> API, perhaps you could take a look and ensure that the current
>>>> proposed API works for what you are envisioning with Landlock?
>>>>
>>> Which review/patch to look for the proposed API ?
>>
>> https://lore.kernel.org/lkml/20230428203417.159874-3-casey@schaufler-ca.com/T/
>>
>>
> How easy is it to add a customized LSM with new APIs?
> I'm asking because there are some hard-coded constant/macro, i.e.

I guess this question is related to the Chromium OS LSM, right? I think
this would be a good opportunity to think about mainlining this LSM to
avoid the hassle of dealing with LSM IDs.

> 
> +#define LSM_ID_LANDLOCK 111
> (Do IDs need to be sequential ?)
> 
> + define LSM_CONFIG_COUNT
> 
> Today, only security/Kconfig change is needed to add a new LSM, I think ?


