[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a9ed5a1a545e177f2491e132924d2b9a2a70496d.camel@linux.ibm.com>
Date: Wed, 11 Oct 2023 16:17:31 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>,
viro@...iv.linux.org.uk, brauner@...nel.org,
chuck.lever@...cle.com, jlayton@...nel.org, neilb@...e.de,
kolga@...app.com, Dai.Ngo@...cle.com, tom@...pey.com,
dmitry.kasatkin@...il.com, paul@...l-moore.com, jmorris@...ei.org,
serge@...lyn.com, dhowells@...hat.com, jarkko@...nel.org,
stephen.smalley.work@...il.com, eparis@...isplace.org,
casey@...aufler-ca.com
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-nfs@...r.kernel.org, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
selinux@...r.kernel.org, Roberto Sassu <roberto.sassu@...wei.com>,
Stefan Berger <stefanb@...ux.ibm.com>
Subject: Re: [PATCH v3 04/25] ima: Align ima_file_mprotect() definition with
LSM infrastructure
On Wed, 2023-10-11 at 17:43 +0200, Roberto Sassu wrote:
> On Wed, 2023-10-11 at 10:51 -0400, Mimi Zohar wrote:
> > On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote:
> > > From: Roberto Sassu <roberto.sassu@...wei.com>
> > >
> > > Change ima_file_mprotect() definition, so that it can be registered
> > > as implementation of the file_mprotect hook.
> > >
> > > Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> > > Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
> > > ---
> > > include/linux/ima.h | 5 +++--
> > > security/integrity/ima/ima_main.c | 6 ++++--
> > > security/security.c | 2 +-
> > > 3 files changed, 8 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/include/linux/ima.h b/include/linux/ima.h
> > > index 893c3b98b4d0..56e72c0beb96 100644
> > > --- a/include/linux/ima.h
> > > +++ b/include/linux/ima.h
> > > @@ -24,7 +24,8 @@ extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,
> > > extern void ima_file_free(struct file *file);
> > > extern int ima_file_mmap(struct file *file, unsigned long reqprot,
> > > unsigned long prot, unsigned long flags);
> > > -extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
> > > +int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
> > > + unsigned long prot);
> >
> > "extern" is needed here and similarly in 5/25.
>
> I removed because of a complain from checkpatch.pl --strict.
Intermixing with/without "extern" looks weird. I would suggest
removing all the externs as a separate patch, but they're being removed
in "[PATCH v3 21/25] ima: Move to LSM infrastructure" anyway. For now
I would include the "extern".
--
thanks,
Mimi
Powered by blists - more mailing lists