[PATCH] lsm: drop LSM_ID_IMA
Roberto Sassu
roberto.sassu at huaweicloud.com
Thu Oct 19 08:08:31 UTC 2023
On Wed, 2023-10-18 at 17:50 -0400, Paul Moore wrote:
> When IMA becomes a proper LSM we will reintroduce an appropriate
> LSM ID, but drop it from the userspace API for now in an effort
> to put an end to debates around the naming of the LSM ID macro.
>
> Signed-off-by: Paul Moore <paul at paul-moore.com>

Reviewed-by: Roberto Sassu <roberto.sassu at huawei.com>

This makes sense according to the new goal of making 'ima' and 'evm'
standalone LSMs.

Otherwise, if we took existing LSMs, we should have defined
LSM_ID_INTEGRITY, associated with DEFINE_LSM(integrity).

If we proceed with the new direction, I will add the new LSM IDs as
soon as IMA and EVM become LSMs.

Roberto

> ---
> include/uapi/linux/lsm.h | 15 +++++++--------
> 1 file changed, 7 insertions(+), 8 deletions(-)
>
> diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h
> index eeda59a77c02..f0386880a78e 100644
> --- a/include/uapi/linux/lsm.h
> +++ b/include/uapi/linux/lsm.h
> @@ -54,14 +54,13 @@ struct lsm_ctx {
> #define LSM_ID_SELINUX 101
> #define LSM_ID_SMACK 102
> #define LSM_ID_TOMOYO 103
> -#define LSM_ID_IMA 104
> -#define LSM_ID_APPARMOR 105
> -#define LSM_ID_YAMA 106
> -#define LSM_ID_LOADPIN 107
> -#define LSM_ID_SAFESETID 108
> -#define LSM_ID_LOCKDOWN 109
> -#define LSM_ID_BPF 110
> -#define LSM_ID_LANDLOCK 111
> +#define LSM_ID_APPARMOR 104
> +#define LSM_ID_YAMA 105
> +#define LSM_ID_LOADPIN 106
> +#define LSM_ID_SAFESETID 107
> +#define LSM_ID_LOCKDOWN 108
> +#define LSM_ID_BPF 109
> +#define LSM_ID_LANDLOCK 110
>
> /*
> * LSM_ATTR_XXX definitions identify different LSM attributes
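
Review bot: the renumbering of LSM_ID_APPARMOR through LSM_ID_LANDLOCK (105-111 becoming 104-110) changes values in a uapi header, so any userspace built against the earlier numbering would pass or interpret the wrong ID after this change. If these IDs have not yet appeared in a released kernel, the commit message should say so, since that is what makes the shift safe; otherwise leave 104 unassigned and keep the existing values. A short comment above the list stating that a released ID value is never renumbered or reused would also make it clear that the IMA ID reintroduced later takes a new number at the end of the list.
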