Message-ID: <af2cb126-6697-7439-371a-948958cea891@schaufler-ca.com>
Date:   Fri, 27 Dec 2019 07:59:38 -0800
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     wenhuizhang <wenhui@...ail.gwu.edu>
Cc:     James Morris <jmorris@...ei.org>,
        Kees Cook <keescook@...omium.org>,
        Matthew Garrett <matthewgarrett@...gle.com>,
        David Howells <dhowells@...hat.com>,
        "Joel Fernandes (Google)" <joel@...lfernandes.org>,
        Micah Morton <mortonm@...omium.org>,
        Janne Karhunen <janne.karhunen@...il.com>,
        Richard Guy Briggs <rgb@...hat.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Signed-off-by: wenhuizhang <wenhui@...ail.gwu.edu>

On 12/26/2019 8:12 PM, wenhuizhang wrote:
> selinux/lsm-common: reorder and format security hooks
>   	Changes to be committed:
> 		modified:   include/linux/security.h
> 	Details:
> 		- add default hook for security_cred_getsecid

What is this for? Who uses it?

> 		- group hooks with functionalities and get coherent for orders

Clean-ups should be separate from "real" code changes.

> ---
>  include/linux/security.h | 46 +++++++++++++++++++---------------------
>  1 file changed, 22 insertions(+), 24 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 3e8d4bacd59d..14f580e37b24 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -462,10 +462,6 @@ static inline  int unregister_blocking_lsm_notifier(struct notifier_block *nb)
>  	return 0;
>  }
>  
> -static inline void security_free_mnt_opts(void **mnt_opts)
> -{
> -}
> -
>  /*
>   * This is the default capabilities functionality.  Most of these functions
>   * are just stubbed out, but a few must call the proper capable code.
> @@ -605,6 +601,9 @@ static inline int security_sb_alloc(struct super_block *sb)
>  static inline void security_sb_free(struct super_block *sb)
>  { }
>  
> +static inline void security_free_mnt_opts(void **mnt_opts)
> +{ }
> +
>  static inline int security_sb_eat_lsm_opts(char *options,
>  					   void **mnt_opts)
>  {
> @@ -679,20 +678,6 @@ static inline int security_move_mount(const struct path *from_path,
>  	return 0;
>  }
>  
> -static inline int security_path_notify(const struct path *path, u64 mask,
> -				unsigned int obj_type)
> -{
> -	return 0;
> -}
> -
> -static inline int security_inode_alloc(struct inode *inode)
> -{
> -	return 0;
> -}
> -
> -static inline void security_inode_free(struct inode *inode)
> -{ }
> -
>  static inline int security_dentry_init_security(struct dentry *dentry,
>  						 int mode,
>  						 const struct qstr *name,
> @@ -710,6 +695,19 @@ static inline int security_dentry_create_files_as(struct dentry *dentry,
>  	return 0;
>  }
>  
> +static inline int security_path_notify(const struct path *path, u64 mask,
> +				unsigned int obj_type)
> +{
> +	return 0;
> +}
> +
> +static inline int security_inode_alloc(struct inode *inode)
> +{
> +	return 0;
> +}
> +
> +static inline void security_inode_free(struct inode *inode)
> +{ }
>  
>  static inline int security_inode_init_security(struct inode *inode,
>  						struct inode *dir,
> @@ -982,8 +980,10 @@ static inline int security_prepare_creds(struct cred *new,
>  
>  static inline void security_transfer_creds(struct cred *new,
>  					   const struct cred *old)
> -{
> -}
> +{ }
> +
> +static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
> +{ }
>  
>  static inline int security_kernel_act_as(struct cred *cred, u32 secid)
>  {
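Review bot: The added `security_cred_getsecid()` stub has an empty body, so it never writes through `secid`, and a caller that reads the value after the call would consume an uninitialized `u32` in any build that uses this inline version. For a security identifier that matters, because the indeterminate value could feed label comparisons or audit records. The stub should give the out-parameter a defined value, for example `{ *secid = 0; }`, after confirming that this matches what the non-stub implementation leaves when no module sets a value; that implementation is not visible here. The stub is complete within the hunk, but the preprocessor branch it sits in lies outside it, so reading this as the security-disabled section is inferred from the neighbouring no-op stubs.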
> @@ -1249,12 +1249,10 @@ static inline int security_secctx_to_secid(const char *secdata,
>  }
>  
>  static inline void security_release_secctx(char *secdata, u32 seclen)
> -{
> -}
> +{ }
>  
>  static inline void security_inode_invalidate_secctx(struct inode *inode)
> -{
> -}
> +{ }
>  
>  static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
>  {
