[PATCH] security: use default hook return value in call_int_hook()

Paul Moore paul at paul-moore.com
Tue Feb 13 23:10:17 UTC 2024


On Tue, Jan 30, 2024 at 7:57 AM Ondrej Mosnacek <omosnace at redhat.com> wrote:
>
> Change the definition of call_int_hook() to treat LSM_RET_DEFAULT(...)
> as the "continue" value instead of 0. To further simplify this macro,
> also drop the IRC argument and replace it with LSM_RET_DEFAULT(...).
>
> After this the macro can be used in a couple more hooks, where similar
> logic is currently open-coded. At the same time, some other existing
> call_int_hook() users now need to be open-coded, but overall it's still
> a net simplification.
>
> There should be no functional change resulting from this patch.
>
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> ---
>  security/security.c | 525 +++++++++++++++++++-------------------------
>  1 file changed, 221 insertions(+), 304 deletions(-)

Ignoring the minor suggestion from Casey for a moment, I like this
patch, thank you for submitting it, but unfortunately it is a bit
stuck as we wait to see where some other patches land.  I'm not going
to forget about this patch, but it may end up having to wait until
after the upcoming merge window closes before I can merge it.  As
usual, I'll let you know once it's merged.

Thanks for your patience and the patch!

--
paul-moore.com



More information about the Linux-security-module-archive mailing list