Re: [PATCH 03/10] SELinux: Abstract use of cred security blob

From: Kees Cook
Date: Wed Sep 12 2018 - 19:10:34 EST

Next message: Russell King - ARM Linux: "Re: [BISECTED] Regression: Solidrun Clearfog Base won't boot since "PCI: mvebu: Only remap I/O space if configured""
Previous message: Leonardo BrÃs: "[PATCH] Optimize tests and remove shadowed local variable."
In reply to: Casey Schaufler: "[PATCH 03/10] SELinux: Abstract use of cred security blob"
Next in thread: Casey Schaufler: "[PATCH 04/10] LSM: Infrastructure management of the cred security blob"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> Don't use the cred->security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

Like smack, this seems to be largely:

s/$identifier->security/selinux_cred($identifier)/
s/current_security()/selinux_cred(current_cred())/

Is that right? The one __task_cred() use seemed to be fully contained
under rcu read lock.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

--
Kees Cook
Pixel Security

Next message: Russell King - ARM Linux: "Re: [BISECTED] Regression: Solidrun Clearfog Base won't boot since "PCI: mvebu: Only remap I/O space if configured""
Previous message: Leonardo BrÃs: "[PATCH] Optimize tests and remove shadowed local variable."
In reply to: Casey Schaufler: "[PATCH 03/10] SELinux: Abstract use of cred security blob"
Next in thread: Casey Schaufler: "[PATCH 04/10] LSM: Infrastructure management of the cred security blob"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]