On Wed, Aug 26, 2020 at 11:04 AM Casey Schaufler <ca...@schaufler-ca.com> wrote:
>
> Change the secid parameter of security_audit_rule_match
> to a lsmblob structure pointer. Pass the entry from the
> lsmblob structure for the appropriate slot to the LSM hook.
>
> Change the users of security_audit_rule_match to use the
> lsmblob instead of a u32. The scaffolding function lsmblob_init()
> fills the blob with the value of the old secid, ensuring that
> it is available to the appropriate module hook. The sources of
> the secid, security_task_getsecid() and security_inode_getsecid(),
> will be converted to use the blob structure later in the series.
> At that point the use of lsmblob_init() is dropped.
>
> Reviewed-by: Kees Cook <keesc...@chromium.org>
> Reviewed-by: John Johansen <john.johan...@canonical.com>
> Acked-by: Stephen Smalley <s...@tycho.nsa.gov>
> Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
>  include/linux/security.h            |  7 ++++---
>  kernel/auditfilter.c                |  6 ++++--
>  kernel/auditsc.c                    | 14 ++++++++++----
>  security/integrity/ima/ima.h        |  4 ++--
>  security/integrity/ima/ima_policy.c |  7 +++++--
>  security/security.c                 | 10 ++++++++--
>  6 files changed, 33 insertions(+), 15 deletions(-)

Acked-by: Paul Moore <p...@paul-moore.com>

--
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit