Re: [PATCH v3 07/16] TOMOYO: Abstract use of cred security blob

From: Kees Cook
Date: Thu Sep 20 2018 - 13:13:23 EST

Next message: Tim Chen: "Re: [PATCH 2/2] x86/speculation: Provide application property based STIBP protection"
Previous message: Matthias Kaehlcke: "[PATCH v2] sysrq: Use panic() to force a crash"
In reply to: Casey Schaufler: "[PATCH v3 07/16] TOMOYO: Abstract use of cred security blob"
Next in thread: Casey Schaufler: "[PATCH v3 09/16] SELinux: Abstract use of file security blob"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 19, 2018 at 5:20 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> @@ -539,13 +557,16 @@ DEFINE_SRCU(tomoyo_ss);
> static int __init tomoyo_init(void)
> {
> struct cred *cred = (struct cred *) current_cred();
> + struct tomoyo_domain_info **blob;
>
> if (!security_module_enable("tomoyo"))
> return 0;
> +
> /* register ourselves with the security framework */
> security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
> printk(KERN_INFO "TOMOYO Linux initialized\n");
> - cred->security = &tomoyo_kernel_domain;
> + blob = tomoyo_cred(cred);
> + *blob = &tomoyo_kernel_domain;
> tomoyo_mm_init();
> return 0;
> }

This is missing "tomoyo_enabled = true;" which is included in the next
patch but should be here.

-Kees

--
Kees Cook
Pixel Security

Next message: Tim Chen: "Re: [PATCH 2/2] x86/speculation: Provide application property based STIBP protection"
Previous message: Matthias Kaehlcke: "[PATCH v2] sysrq: Use panic() to force a crash"
In reply to: Casey Schaufler: "[PATCH v3 07/16] TOMOYO: Abstract use of cred security blob"
Next in thread: Casey Schaufler: "[PATCH v3 09/16] SELinux: Abstract use of file security blob"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]