[PATCH] lsm: drop LSM_ID_IMA

Casey Schaufler casey at schaufler-ca.com
Fri Oct 20 21:56:28 UTC 2023


On 10/19/2023 1:08 AM, Roberto Sassu wrote:
> On Wed, 2023-10-18 at 17:50 -0400, Paul Moore wrote:
>> When IMA becomes a proper LSM we will reintroduce an appropriate
>> LSM ID, but drop it from the userspace API for now in an effort
>> to put an end to debates around the naming of the LSM ID macro.
>>
>> Signed-off-by: Paul Moore <paul at paul-moore.com>
> Reviewed-by: Roberto Sassu <roberto.sassu at huawei.com>
>
> This makes sense according to the new goal of making 'ima' and 'evm'
> standalone LSMs.
>
> Otherwise, if we took existing LSMs, we should have defined
> LSM_ID_INTEGRITY, associated to DEFINE_LSM(integrity).
>
> If we proceed with the new direction, I will add the new LSM IDs as
> soon as IMA and EVM become LSMs.

This seems right to me. Thank you.

>
> Roberto
>
>> ---
>>  include/uapi/linux/lsm.h | 15 +++++++--------
>>  1 file changed, 7 insertions(+), 8 deletions(-)
>>
>> diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h
>> index eeda59a77c02..f0386880a78e 100644
>> --- a/include/uapi/linux/lsm.h
>> +++ b/include/uapi/linux/lsm.h
>> @@ -54,14 +54,13 @@ struct lsm_ctx {
>>  #define LSM_ID_SELINUX		101
>>  #define LSM_ID_SMACK		102
>>  #define LSM_ID_TOMOYO		103
>> -#define LSM_ID_IMA		104
>> -#define LSM_ID_APPARMOR		105
>> -#define LSM_ID_YAMA		106
>> -#define LSM_ID_LOADPIN		107
>> -#define LSM_ID_SAFESETID	108
>> -#define LSM_ID_LOCKDOWN		109
>> -#define LSM_ID_BPF		110
>> -#define LSM_ID_LANDLOCK		111
>> +#define LSM_ID_APPARMOR		104
>> +#define LSM_ID_YAMA		105
>> +#define LSM_ID_LOADPIN		106
>> +#define LSM_ID_SAFESETID	107
>> +#define LSM_ID_LOCKDOWN		108
>> +#define LSM_ID_BPF		109
>> +#define LSM_ID_LANDLOCK		110
>>  
>>  /*
>>   * LSM_ATTR_XXX definitions identify different LSM attributes
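
Review bot: the renumbering of LSM_ID_APPARMOR through LSM_ID_LANDLOCK (now 104 to 110) is not mentioned in the commit message, which only talks about dropping LSM_ID_IMA. Since this is a uapi header, these numbers are what userspace compiles against: anything built with the previous header would read 104 as IMA while the kernel now means AppArmor, and every later ID is off by one. Either state in the changelog why shifting the values is safe (for example, if they have not yet appeared in a released kernel), or keep the existing numbers and leave 104 unassigned with a short comment marking it as reserved, which would also avoid a second renumbering when an IMA ID is reintroduced.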


