[PATCH] bpf: add security_file_post_open() LSM hook to sleepable_lsm_hooks

Paul Moore paul at paul-moore.com
Tue Jun 18 19:44:35 UTC 2024


On Tue, Jun 18, 2024 at 3:29 PM Matt Bobrowski <mattbobrowski at google.com> wrote:
>
> The new generic LSM hook security_file_post_open() was recently added
> to the LSM framework in commit 8f46ff5767b0b ("security: Introduce
> file_post_open hook"). Let's proactively add this generic LSM hook to
> the sleepable_lsm_hooks BTF ID set, because I can't see there being
> any strong reasons not to, and it's only a matter of time before
> someone else comes around and asks for it to be there.
>
> security_file_post_open() is inherently sleepable as it's purposely
> situated in the kernel that allows LSMs to directly read out the
> contents of the backing file if need be. Additionally, it's called
> directly after securuty_file_open(), and that LSM hook in itself

*cough*

"security_file_open()"

*cough*

> already exists in the sleepable_lsm_hooks BTF ID set.
>
> Signed-off-by: Matt Bobrowski <mattbobrowski at google.com>
> ---
>  kernel/bpf/bpf_lsm.c | 1 +
>  1 file changed, 1 insertion(+)

-- 
paul-moore.com


