[PATCH 4/6] LSM: Infrastructure management of the dev_tun blob
Paul Moore
paul at paul-moore.com
Tue Jul 9 22:08:03 UTC 2024
On Jul 8, 2024 Casey Schaufler <casey at schaufler-ca.com> wrote:
>
> Move management of the dev_tun security blob out of the individual
> security modules and into the LSM infrastructure. The security modules
> tell the infrastructure how much space they require at initialization.
>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
> include/linux/lsm_hook_defs.h | 2 +-
> include/linux/lsm_hooks.h | 1 +
> security/security.c | 11 ++++++++++-
> security/selinux/hooks.c | 22 ++++++----------------
> security/selinux/include/objsec.h | 6 ++++++
> 5 files changed, 24 insertions(+), 18 deletions(-)
...
> diff --git a/security/security.c b/security/security.c
> index 438ec6708eb3..2c9d075f5f92 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -4864,6 +4872,7 @@ EXPORT_SYMBOL(security_tun_dev_alloc_security);
> void security_tun_dev_free_security(void *security)
> {
> call_void_hook(tun_dev_free_security, security);
> + kfree(security);
> }
> EXPORT_SYMBOL(security_tun_dev_free_security);
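Review bot: blob ownership is not documented at the kfree(security) line added to security_tun_dev_free_security(). Because the infrastructure now frees the pointer right after call_void_hook(tun_dev_free_security, security), any module hook that still frees its argument would turn this into a double free. Suggest a comment on the function, and a line in the commit description, stating that tun_dev_free_security implementations may release only resources referenced from the blob and must never free the blob itself.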
If we removed key_free in patch 2/6, we should probably do the same
here for the same reasons. Don't forget to mention it in the commit
description.
--
paul-moore.com