Re: [PATCH v3 01/13] LSM: Add the lsm_prop data structure.

From: Konstantin Andreev
Date: Fri Sep 13 2024 - 16:49:26 EST


Casey Schaufler, 10 Sep 2024:
...
The lsm_prop structure definition is intended to keep the LSM
specific information private to the individual security modules.
...
index 1390f1efb4f0..1027c802cc8c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -140,6 +144,22 @@ enum lockdown_reason {
+
+/*
+ * Data exported by the security modules
+ */
+struct lsm_prop {
+ struct lsm_prop_selinux selinux;
+ struct lsm_prop_smack smack;
+ struct lsm_prop_apparmor apparmor;
+ struct lsm_prop_bpf bpf;
+ struct lsm_prop_scaffold scaffold;
+};
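Review bot: the comment on the new struct lsm_prop ("Data exported by the security modules") does not record the property the patch description relies on, namely that each member (selinux, smack, apparmor, bpf, scaffold) is private to the module that owns it and that the member list is fixed at build time, so any LSM not named here has no slot. Suggest expanding the comment, e.g.:
 * Per-module data carried in place of a secid. Each member is opaque
 * to every LSM except its owner; a new LSM must add its own member here.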

This design prevents compiling and loading out-of-tree third-party LSMs, am I right?

Out-of-tree LSMs were discussed recently at

https://lore.kernel.org/linux-security-module/efb8f264-f80e-43b2-8ea3-fcc9789520ec@xxxxxxxxxxxxxxxxxxx/T/
https://lore.kernel.org/linux-security-module/960e740f-e5d9-409b-bb2a-8bdceffaae95@xxxxxxxxxxxxxxxxxxx/T/

but it looks like a final decision to ban them has not been taken yet.
--
Konstantin Andreev