Re: [patch 0/15] lsm stacking v0.3: intro
From: Tony Jones
Date: Sat Jul 30 2005 - 00:14:26 EST
On Wed, Jul 27, 2005 at 01:17:32PM -0500, serue@xxxxxxxxxx wrote:
Hi Serge.
A few trivial things I noticed whilst writing some internal documentation
on Stacker. Nothing deep here, but thought I'd pass them along.
I'll try to actually try out the code next week.
I made these notes as I was going along, lmk if you need them annotated
to the original patch and I'll go back and redo.
Thanks again
Tony
1) Documentation refers to /security/stacker/list_modules, code refers to
"listmodules". list_modules is more consistent with other file names.
2) symbol_get(ops) still at the end of stacker_register.
3) struct module_entry{
struct list_head lsm_list; /* list of active lsms */
struct list_head all_lsms; /* list of active lsms */
fix comments
4) Would it be useful to change the struct elements lsm_list and all_lsms to
be consistent with their list heads (stacked_modules and all_modules).
5) /*
* Workarounds for the fact that get and setprocattr are used only by
* selinux. (Maybe)
*/
No complaints on selinux getting to avoid the (module), they are intree.
Just a FYI that SubDomain/AppArmor uses these hooks also.
6) stop_responding control file is misnamed, as stacker still continues to work
it just removes the virtual file system
7) Does the lsm_list really need to be at the top of the struct? Good style
but not sure it is required (must).
8) security-stack.h
* If stacker is compiled in, then we use the full functions as
* defined in security/security.c. Otherwise we use the #defines
* here.
I noticed the conditional CONFIG_SECURITY_STACKER code went away, previously
it would look at the value chain head only for the !case. But this comment
still remains.
> Hi,
>
> The set of patches to follow introduces support for stacking LSMs. This
> is its third posting to lkml. I am sending it out in the hopes of
> soliciting more widespread feedback and testing, with the obvious eventual
> goal of mainline adoption.
>
> Any feedback from people actually using this patch is appreciated. Even
> better would be posts of (stackable) LSMs for upstream inclusion :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/