[PATCH 4/6] LSM: Infrastructure management of the dev_tun blob

Paul Moore paul at paul-moore.com
Tue Jul 9 22:08:03 UTC 2024


On Jul  8, 2024 Casey Schaufler <casey at schaufler-ca.com> wrote:
> 
> Move management of the dev_tun security blob out of the individual
> security modules and into the LSM infrastructure.  The security modules
> tell the infrastructure how much space they require at initialization.
> 
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
>  include/linux/lsm_hook_defs.h     |  2 +-
>  include/linux/lsm_hooks.h         |  1 +
>  security/security.c               | 11 ++++++++++-
>  security/selinux/hooks.c          | 22 ++++++----------------
>  security/selinux/include/objsec.h |  6 ++++++
>  5 files changed, 24 insertions(+), 18 deletions(-)

...

> diff --git a/security/security.c b/security/security.c
> index 438ec6708eb3..2c9d075f5f92 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -4864,6 +4872,7 @@ EXPORT_SYMBOL(security_tun_dev_alloc_security);
>  void security_tun_dev_free_security(void *security)
>  {
>  	call_void_hook(tun_dev_free_security, security);
> +	kfree(security);
>  }
>  EXPORT_SYMBOL(security_tun_dev_free_security);
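
Review bot: In security_tun_dev_free_security(), the added kfree(security) runs unconditionally after call_void_hook(tun_dev_free_security, security), so a module hook that still frees the blob itself would now be a double free. The commit description only says management moves to the infrastructure; it should state explicitly that the infrastructure now owns freeing the blob and that tun_dev_free_security hooks must no longer call kfree() on it. A one-line comment above the function saying the same would help future hook authors.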

If we removed key_free in patch 2/6, we should probably do the same
here for the same reasons.  Don't forget to mention it in the commit
description.

--
paul-moore.com


