lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEjxPJ5PVAK2LnzzkjjwZ-FtiXPeyrE8ZGCDxxCpY_AvTY3M4w@mail.gmail.com>
Date:   Wed, 13 Sep 2023 14:03:09 -0400
From:   Stephen Smalley <stephen.smalley.work@...il.com>
To:     Paul Moore <paul@...l-moore.com>
Cc:     Christian Göttsche <cgzones@...glemail.com>,
        selinux@...r.kernel.org, Eric Paris <eparis@...isplace.org>,
        Ondrej Mosnacek <omosnace@...hat.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/6] selinux: dump statistics for more hash tables

On Wed, Sep 13, 2023 at 12:12 PM Paul Moore <paul@...l-moore.com> wrote:
>
> On Thu, Sep 7, 2023 at 1:42 PM Stephen Smalley
> <stephen.smalley.work@...il.com> wrote:
> > On Fri, Aug 18, 2023 at 11:12 AM Christian Göttsche
> > <cgzones@...glemail.com> wrote:
> > >
> > > Dump in the SELinux debug configuration the statistics for the
> > > conditional rules avtab, the role transition, and class and common
> > > permission hash tables.
> > >
> > > Signed-off-by: Christian Göttsche <cgzones@...glemail.com>
> > > ---
> >
> > > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> > > index 84f02d4f8093..932e383bcad6 100644
> > > --- a/security/selinux/ss/policydb.c
> > > +++ b/security/selinux/ss/policydb.c
> > > @@ -1158,6 +1158,8 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp)
> > >                         goto bad;
> > >         }
> > >
> > > +       hash_eval(&comdatum->permissions.table, "common_permissions");
> > > +
> > >         rc = symtab_insert(s, key, comdatum);
> > >         if (rc)
> > >                 goto bad;
> > > @@ -1339,6 +1341,8 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp)
> > >                         goto bad;
> > >         }
> > >
> > > +       hash_eval(&cladatum->permissions.table, "class_permissions");
> > > +
> > >         rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
> > >         if (rc)
> > >                 goto bad;
> >
> > Do we want to embed the actual common and class keys in the output to
> > distinguish among the multiple common and class permissions tables?
>
> That seems reasonable, were you thinking of just adding it to the
> hash_eval()'s hash name string, e.g. "common_permissions[XXX]"?

Yes, otherwise you get a bunch of common_permissions and
class_permissions lines with no way to correlate.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ