[PATCH bpf-next 7/8] security,bpf: constify struct path in bpf_token_create() LSM hook
Andrii Nakryiko
andrii.nakryiko at gmail.com
Tue Aug 27 23:30:11 UTC 2024
On Tue, Aug 27, 2024 at 4:21 PM Paul Moore <paul at paul-moore.com> wrote:
>
> On Tue, Aug 27, 2024 at 7:02 PM Andrii Nakryiko
> <andrii.nakryiko at gmail.com> wrote:
> > On Tue, Aug 13, 2024 at 4:03 PM Andrii Nakryiko <andrii at kernel.org> wrote:
> > >
> > > There is no reason why struct path pointer shouldn't be const-qualified
> > > when being passed into bpf_token_create() LSM hook. Add that const.
> > >
> > > Suggested-by: Al Viro <viro at zeniv.linux.org.uk>
> > > Signed-off-by: Andrii Nakryiko <andrii at kernel.org>
> > > ---
> > > include/linux/lsm_hook_defs.h | 2 +-
> > > include/linux/security.h | 4 ++--
> > > security/security.c | 2 +-
> > > security/selinux/hooks.c | 2 +-
> > > 4 files changed, 5 insertions(+), 5 deletions(-)
> > >
> >
> > Paul,
> >
> > I just realized that I originally forgot to cc you and
> > linux-security-modules@ on this entire patch set and I apologize for
> > that. You can find the entire series at [0], if you'd like to see a
> > bit wider context.
> >
> > But if you can, please check this patch specifically and give your
> > ack, if it's fine with you.
>
> Hi Andrii,
>
> Thanks for sending an email about this, many maintainers don't
> remember to CC the LSM list when making changes like this and I really
> appreciate it when people do, so thank you for that (even if it is a
> teeny bit late <g>). To be honest, I saw this patch back on the 14th
Yep, my bad, I will try to be less forgetful next time. Thanks for a
quick reply and your ack!
> as I've got some tools which watch for LSM/security related commits
> hitting linux-next or Linus' tree that don't originate from one of the
> LSM trees and I thought it looked okay, my ACK is below.
>
> > Ideally we land this patch together with the rest of Al's and mine
> > refactorings, as it allows us to avoid that ugly path_get/path_put
> > workaround that was added by Al initially (see [1]). LSM-specific
> > changes are pretty trivial and hopefully are not controversial.
>
> Acked-by: Paul Moore <paul at paul-moore.com> (LSM/SELinux)
>
> --
> paul-moore.com
More information about the Linux-security-module-archive
mailing list