[PATCH v2 security-next 1/4] security: Hornet LSM
James Bottomley
James.Bottomley at HansenPartnership.com
Mon Apr 21 19:03:39 UTC 2025
On Mon, 2025-04-21 at 14:52 -0400, Paul Moore wrote:
> On Sat, Apr 19, 2025 at 2:43 PM James Bottomley
> <James.Bottomley at hansenpartnership.com> wrote:
> > On Fri, 2025-04-04 at 14:54 -0700, Blaise Boscaccy wrote:
> > [...]
> > > diff --git a/include/linux/kernel_read_file.h
> > > b/include/linux/kernel_read_file.h
> > > index 90451e2e12bd..7ed9337be542 100644
> > > --- a/include/linux/kernel_read_file.h
> > > +++ b/include/linux/kernel_read_file.h
> > > @@ -14,6 +14,7 @@
> > > id(KEXEC_INITRAMFS, kexec-initramfs) \
> > > id(POLICY, security-policy) \
> > > id(X509_CERTIFICATE, x509-certificate) \
> > > + id(EBPF, ebpf) \
> >
> > This causes a BUILD_BUG_ON for me in security/selinux/hooks.c with
> > CONFIG_SECURITY_SELINUX=y because READING_MAX_ID and LOADING_MAX_ID
> > become 8.
> >
> > Below is what I had to do to get the compile to work.
>
> That code was updated during the v6.15 merge window, depending on
> what kernel sources Blaise is using for development it's possible he
> didn't bump into this even if he was building with SELinux enabled.
Sorry I should have said I pulled the patches into 6.15-rc2 to play
with them (hence I did pick up everything in the recent merge window).
Regards,
James
More information about the Linux-security-module-archive
mailing list