[PATCH 5/6] LSM: Infrastructure management of the infiniband blob
Paul Moore
paul at paul-moore.com
Tue Jul 9 22:08:04 UTC 2024
On Jul 8, 2024 Casey Schaufler <casey at schaufler-ca.com> wrote:
>
> Move management of the infiniband security blob out of the individual
> security modules and into the LSM infrastructure. The security modules
> tell the infrastructure how much space they require at initialization.
>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
> include/linux/lsm_hook_defs.h | 2 +-
> include/linux/lsm_hooks.h | 1 +
> security/security.c | 11 ++++++++++-
> security/selinux/hooks.c | 16 +++-------------
> security/selinux/include/objsec.h | 6 ++++++
> 5 files changed, 21 insertions(+), 15 deletions(-)
...
> diff --git a/security/security.c b/security/security.c
> index 2c9d075f5f92..731a54fabc79 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -5081,6 +5089,7 @@ EXPORT_SYMBOL(security_ib_alloc_security);
> void security_ib_free_security(void *sec)
> {
> call_void_hook(ib_free_security, sec);
> + kfree(sec);
> }
> EXPORT_SYMBOL(security_ib_free_security);
Same comment as elsewhere, let's be consistent with the *free() hooks,
either we keep them or we remove them if unused (preferable).
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list