| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Jun 2024 09:57:14 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>,
Paul Moore
<paul@...l-moore.com>
Cc: Roberto Sassu <roberto.sassu@...wei.com>,
linux-security-module@...r.kernel.org, jmorris@...ei.org,
serge@...lyn.com, keescook@...omium.org, john.johansen@...onical.com,
penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com,
linux-kernel@...r.kernel.org, mic@...ikod.net,
linux-integrity@...r.kernel.org,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH v39 01/42] integrity: disassociate ima_filter_rule from
security_audit_rule
On Mon, 2024-06-24 at 10:45 +0200, Roberto Sassu wrote:
> My only comment would be that I would not call the new functions with
> the ima_ prefix, being those in security.c, which is LSM agnostic, but
> I would rather use a name that more resembles the differences, if any.
Commit 4af4662fa4a9 ("integrity: IMA policy") originally referred to these hooks
as security_filter_rule_XXXX, but commit b8867eedcf76 ("ima: Rename internal
filter rule functions") renamed the function to ima_filter_rule_XXX) to avoid
security namespace polution.
If these were regular security hooks, the hooks would be named:
filter_rule_init, filter_rule_free, filter_rule_match with the matching
"security" prefix functions. Audit and IMA would then register the hooks.
I agree these functions should probably be renamed again, probably to
security_ima_filter_rule_XXXX.
Mimi
Powered by blists - more mailing lists