[PATCH] lsm: add reserved flag in lsm_prop struct
Casey Schaufler
casey at schaufler-ca.com
Fri Dec 6 17:31:11 UTC 2024
On 12/6/2024 3:41 AM, 15074444048 at 163.com wrote:
> From: lihaojie <lihaojie at kylinos.cn>
>
> lsm_prop size is controlled by macro, lsm_prop size will be 0
> when macro isn't defined. Add flag to alloc lsm_prop basic size.
>
> An empty struct will make target_ref & target_comm in audit_context
> be located at the same address; __member_size of target_comm is the
> same as __member_size of target_ref, so strscpy warns of a buffer
> overflow at compile time.
Can you cite where this warning occurs?
>
> Signed-off-by: lihaojie <lihaojie at kylinos.cn>
> ---
> include/linux/security.h | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index cbdba435b798..f502deecb142 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -164,6 +164,7 @@ struct lsm_prop {
> struct lsm_prop_smack smack;
> struct lsm_prop_apparmor apparmor;
> struct lsm_prop_bpf bpf;
> + u8 reserved;
> };
I don't care much for this approach. Increasing the size of the structure
to avoid a warning in the case where it isn't used seems problematic.
>
> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
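Review bot: the new `u8 reserved;` member after `struct lsm_prop_bpf bpf;` is unconditional and carries no comment, so it is present in struct lsm_prop in every configuration, not only the one the commit message describes where the struct would otherwise have size 0. If a placeholder member is kept, it should have a comment saying it exists only to keep the struct non-empty, and it should be limited to that case. The commit message should also quote the compiler diagnostic and name the strscpy call that triggers it, so the change can be checked against the actual warning.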