| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Sep 2018 08:20:50 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: David Laight <David.Laight@...LAB.COM>,
LSM <linux-security-module@...r.kernel.org>,
James Morris <jmorris@...ei.org>,
SE Linux <selinux@...ho.nsa.gov>,
LKLM <linux-kernel@...r.kernel.org>,
John Johansen <john.johansen@...onical.com>,
Kees Cook <keescook@...omium.org>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
Paul Moore <paul@...l-moore.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
Alexey Dobriyan <adobriyan@...il.com>,
Mickaël Salaün <mic@...ikod.net>,
Salvatore Mesoraca <s.mesoraca16@...il.com>
Subject: Re: [PATCH v3 09/16] SELinux: Abstract use of file security blob
On 9/20/2018 1:51 AM, David Laight wrote:
> From: Casey Schaufler
>> Sent: 20 September 2018 01:21
>>
>> SELinux: Abstract use of file security blob
>>
>> Don't use the file->f_security pointer directly.
>> Provide a helper function that provides the security blob pointer.
> ...
>> +static inline struct file_security_struct *selinux_file(const struct file *file)
>> +{
>> + return file->f_security;
>> +}
>> +
> Why?
In patch 16/16 this becomes:
static inline struct file_security_struct *selinux_file(const struct file *file)
{
+#ifdef CONFIG_SECURITY_STACKING
+ return file->f_security + selinux_blob_sizes.lbs_file;
+#else
return file->f_security;
+#endif
}
You could hard code this bit everywhere it's used, but that
would be prone to error. I'm not generally an abstractionist
myself, but it these cases abstraction adds value.
Powered by blists - more mailing lists