Message-ID: <20250621171851.5869-8-casey@schaufler-ca.com>
Date: Sat, 21 Jun 2025 10:18:42 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey@...aufler-ca.com,
	paul@...l-moore.com,
	eparis@...hat.com,
	linux-security-module@...r.kernel.org,
	audit@...r.kernel.org
Cc: jmorris@...ei.org,
	serge@...lyn.com,
	keescook@...omium.org,
	john.johansen@...onical.com,
	penguin-kernel@...ove.sakura.ne.jp,
	stephen.smalley.work@...il.com,
	linux-kernel@...r.kernel.org,
	selinux@...r.kernel.org
Subject: [RFC PATCH 07/15] Audit: Call only the first of the audit rule hooks

The audit system is not (yet) capable of distinguishing
between audit rules specified for multiple security modules.
Call only the first registered of the audit rule hooks.
The order of registration, which can be specified with the
lsm= boot parameter, is hence an important consideration.

Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
---
 security/security.c | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/security/security.c b/security/security.c
index 2286285f8aea..93d4ac39fe9f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -5056,7 +5056,13 @@ void security_key_post_create_or_update(struct key *keyring, struct key *key,
 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
 			     gfp_t gfp)
 {
-	return call_int_hook(audit_rule_init, field, op, rulestr, lsmrule, gfp);
+	struct lsm_static_call *scall;
+
+	lsm_for_each_hook(scall, audit_rule_init) {
+		return scall->hl->hook.audit_rule_init(field, op, rulestr,
+						       lsmrule, gfp);
+	}
+	return LSM_RET_DEFAULT(audit_rule_init);
 }
 
 /**
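Review bot: the `lsm_for_each_hook(scall, audit_rule_init)` loop body returns unconditionally on its first iteration, so the loop never advances; that is the intended "first registered hook wins" behaviour from the changelog, but it reads like a bug to anyone who has not seen the cover text. Add a short comment above the loop (e.g. "Only the first registered LSM's audit rule hook is used until audit can carry per-LSM rules") and update the kernel-doc for security_audit_rule_init() to state that only one LSM's hook is consulted and that the choice follows the lsm= registration order. The `LSM_RET_DEFAULT(audit_rule_init)` fallback after the loop preserves the previous call_int_hook() result when no hook is registered, which is correct.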
@@ -5070,7 +5076,12 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
  */
 int security_audit_rule_known(struct audit_krule *krule)
 {
-	return call_int_hook(audit_rule_known, krule);
+	struct lsm_static_call *scall;
+
+	lsm_for_each_hook(scall, audit_rule_known) {
+		return scall->hl->hook.audit_rule_known(krule);
+	}
+	return LSM_RET_DEFAULT(audit_rule_known);
 }
 
 /**
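Review bot: same loop-with-immediate-return shape as in security_audit_rule_init(), and the kernel-doc block directly above this hunk is not updated to say that only the first registered audit_rule_known hook is consulted. Since this selection is made independently per hook name (each `lsm_for_each_hook(scall, ...)` walks its own hook list), it would help to document, here or at the first occurrence, that every LSM providing audit rule support must register all of audit_rule_init, audit_rule_known, audit_rule_free and audit_rule_match so that the same module answers for all four.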
@@ -5082,7 +5093,12 @@ int security_audit_rule_known(struct audit_krule *krule)
  */
 void security_audit_rule_free(void *lsmrule)
 {
-	call_void_hook(audit_rule_free, lsmrule);
+	struct lsm_static_call *scall;
+
+	lsm_for_each_hook(scall, audit_rule_free) {
+		scall->hl->hook.audit_rule_free(lsmrule);
+		return;
+	}
 }
 
 /**
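Review bot: the `lsmrule` blob freed here was allocated by whichever LSM was first in the audit_rule_init list, but this hunk hands it to the first LSM in the audit_rule_free list. The two lists are consulted separately by the visible `lsm_for_each_hook` calls, so the pairing holds only if no enabled LSM registers one of these hooks without the other; consider stating that requirement in a comment, or asserting it at hook registration time, because a mismatch would pass one module's private rule data to another module's free routine. As with the other hunks, the bare `return;` inside the loop deserves a one-line comment explaining that stopping after the first hook is deliberate.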
@@ -5101,7 +5117,13 @@ void security_audit_rule_free(void *lsmrule)
 int security_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
 			      void *lsmrule)
 {
-	return call_int_hook(audit_rule_match, prop, field, op, lsmrule);
+	struct lsm_static_call *scall;
+
+	lsm_for_each_hook(scall, audit_rule_match) {
+		return scall->hl->hook.audit_rule_match(prop, field, op,
+							lsmrule);
+	}
+	return LSM_RET_DEFAULT(audit_rule_match);
 }
 #endif /* CONFIG_AUDIT */
 
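Review bot: this is the fourth copy of the "iterate, return on first hook, fall back to LSM_RET_DEFAULT" pattern in this patch; a small helper (a `call_first_int_hook()` style macro next to call_int_hook(), with a void variant for audit_rule_free) would keep the four functions to one line each and make the "first registered hook only" rule explicit and greppable. Also worth noting in the kernel-doc for security_audit_rule_match(): `prop` carries per-LSM data, and with this change only the first registered LSM's portion of it is ever compared against `lsmrule`, which matches the changelog's stated limitation but should be visible to callers.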
-- 
2.47.0
