[PATCH v4 7/20] lsm: Refactor return value of LSM hook setprocattr

Xu Kuohai xukuohai at huaweicloud.com
Sat Jul 20 09:31:44 UTC 2024


On 7/19/2024 10:08 AM, Paul Moore wrote:
> On Jul 11, 2024 Xu Kuohai <xukuohai at huaweicloud.com> wrote:
>>
>> To be consistent with most LSM hooks, convert the return value of
>> hook setprocattr to 0 or a negative error code.
>>
>> Before:
>> - Hook setprocattr returns the number of bytes written on success
>>    or a negative error code on failure.
>>
>> After:
>> - Hook setprocattr returns 0 on success or a negative error code
>>    on failure. An output parameter @wbytes is introduced to hold
>>    the number of bytes written on success.
>>
>> Signed-off-by: Xu Kuohai <xukuohai at huawei.com>
>> ---
>>   fs/proc/base.c                |  5 +++--
>>   include/linux/lsm_hook_defs.h |  3 ++-
>>   include/linux/security.h      |  5 +++--
>>   security/apparmor/lsm.c       | 10 +++++++---
>>   security/security.c           |  8 +++++---
>>   security/selinux/hooks.c      | 11 ++++++++---
>>   security/smack/smack_lsm.c    | 14 ++++++++++----
>>   7 files changed, 38 insertions(+), 18 deletions(-)
> 
> The security_setprocattr() hook is another odd case that we probably
> just want to leave alone for two reasons:
> 
> 1. With the move to LSM syscalls for getting/setting a task's LSM
> attributes we are "freezing" the procfs API and not adding any new
> entries to it.
> 
> 2. The BPF LSM doesn't currently register any procfs entries.
> 
> I'd suggest leaving security_setprocattr() as-is and blocking it in
> the BPF verifier, I can't see any reason why a BPF LSM would need
> this hook.
> 
OK, I'll drop this patch in the next version.




More information about the Linux-security-module-archive mailing list