* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > Index: linux-2.6.12/include/linux/security.h > =================================================================== > --- linux-2.6.12.orig/include/linux/security.h 2005-08-01 > 20:00:51.000000000 -0500 > +++ linux-2.6.12/include/linux/security.h 2005-08-01 20:23:52.000000000 > -0500 > @@ -44,24 +44,65 @@ struct security_list { > }; > > > +static inline void *__get_value(void *head, int idx) > +{ > + void **p = head + sizeof(struct hlist_head); > +#if 0 > + printk(KERN_NOTICE "__get_value: %s (%d): head %lx p %lx idx %d > returning %lx at %lx\n", > + __FUNCTION__, __LINE__, (long)head, (long)p, idx, (long)p[idx], > (long)&p[idx]); > +#endif > + return p[idx];
pr_debug > +} > + > +static inline void __set_value(void *head, int idx, void *v) > +{ > + void **p = head + sizeof(struct hlist_head); > + p[idx] = v; > +#if 0 > + printk(KERN_NOTICE "%s (%d): hd %lx, p %lx, idx %d," > + "v %lx, p[idx] %lx at %lx\n", > + __FUNCTION__, __LINE__, (long) (head), > + (long) p, idx, (long) (v), > + (long)p[idx], (long)&p[idx]); > +#endif pr_debug > Index: linux-2.6.12/security/Kconfig > =================================================================== > --- linux-2.6.12.orig/security/Kconfig 2005-08-01 20:00:51.000000000 > -0500 > +++ linux-2.6.12/security/Kconfig 2005-08-01 20:24:11.000000000 -0500 > @@ -112,5 +112,17 @@ config SECURITY_STACKER > help > Stack multiple LSMs. > > +config SECURITY_STACKER_NUMFIELDS > + int "Number of security fields to reserve" > + depends on SECURITY_STACKER > + default 1 Not sure config is worth it, also, James had suggested smth like 3 slots. > INIT_HLIST_HEAD(&inode->i_security); > + memset(&inode->i_security_p, 0, > + CONFIG_SECURITY_STACKER_NUMFIELDS*sizeof(void *)); This CONFIG... is a bit rough. Can we use a simple name, and if config is necessary, assign config to simple name? > inode->dirtied_when = 0; > if (security_inode_alloc(inode)) { > if (inode->i_sb->s_op->destroy_inode) > Index: linux-2.6.12/include/linux/binfmts.h > =================================================================== > --- linux-2.6.12.orig/include/linux/binfmts.h 2005-08-01 20:00:50.000000000 > -0500 > +++ linux-2.6.12/include/linux/binfmts.h 2005-08-01 20:24:41.000000000 > -0500 > @@ -30,6 +30,7 @@ struct linux_binprm{ > int e_uid, e_gid; > kernel_cap_t cap_inheritable, cap_permitted, cap_effective; > struct hlist_head security; > + void * security_p[CONFIG_SECURITY_STACKER_NUMFIELDS]; > int argc, envc; > char * filename; /* Name of binary as seen by procps */ > char * interp; /* Name of the binary really executed. Most > Index: linux-2.6.12/include/linux/fs.h > =================================================================== > --- linux-2.6.12.orig/include/linux/fs.h 2005-08-01 20:00:50.000000000 > -0500 > +++ linux-2.6.12/include/linux/fs.h 2005-08-01 20:24:55.000000000 -0500 > @@ -486,6 +486,7 @@ struct inode { > > atomic_t i_writecount; > struct hlist_head i_security; > + void > *i_security_p[CONFIG_SECURITY_STACKER_NUMFIELDS]; James had suggested to effectively stash the list in the last slot, so there's only the array with one reserved slot. thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/