lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Oct 2018 14:17:10 -0700 From: John Johansen <john.johansen@...onical.com> To: Kees Cook <keescook@...omium.org>, James Morris <jmorris@...ei.org> Cc: Casey Schaufler <casey@...aufler-ca.com>, Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, Paul Moore <paul@...l-moore.com>, Stephen Smalley <sds@...ho.nsa.gov>, "Schaufler, Casey" <casey.schaufler@...el.com>, LSM <linux-security-module@...r.kernel.org>, Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org, linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH security-next v3 12/29] LSM: Provide separate ordered initialization On 09/24/2018 05:18 PM, Kees Cook wrote: > This provides a place for ordered LSMs to be initialized, separate from > the "major" LSMs. This is mainly a copy/paste from major_lsm_init() to > ordered_lsm_init(), but it will change drastically in later patches. > > What is not obvious in the patch is that this change moves the integrity > LSM from major_lsm_init() into ordered_lsm_init(), since it is not marked > with the LSM_FLAG_LEGACY_MAJOR. As it is the only LSM in the "ordered" > list, there is no reordering yet created. > > Signed-off-by: Kees Cook <keescook@...omium.org> I know its already being done, but I don't like splitting the init order Reviewed-by: John Johansen <john.johansen@...onical.com> > --- > security/security.c | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > > diff --git a/security/security.c b/security/security.c > index 1f055936a746..a886a978214a 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -52,12 +52,30 @@ static bool debug __initdata; > pr_info(__VA_ARGS__); \ > } while (0) > > +static void __init ordered_lsm_init(void) > +{ > + struct lsm_info *lsm; > + int ret; > + > + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { > + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) != 0) > + continue; > + > + init_debug("initializing %s\n", lsm->name); > + ret = lsm->init(); > + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); > + } > +} > + > static void __init major_lsm_init(void) > { > struct lsm_info *lsm; > int ret; > > for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { > + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0) > + continue; > + > init_debug("initializing %s\n", lsm->name); > ret = lsm->init(); > WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); > @@ -87,6 +105,9 @@ int __init security_init(void) > yama_add_hooks(); > loadpin_add_hooks(); > > + /* Load LSMs in specified order. */ > + ordered_lsm_init(); > + > /* > * Load all the remaining security modules. > */ >
Powered by blists - more mailing lists