* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
> Index: linux-2.6.12/include/linux/security.h
> ===================================================================
> --- linux-2.6.12.orig/include/linux/security.h 2005-08-01
> 20:00:51.000000000 -0500
> +++ linux-2.6.12/include/linux/security.h 2005-08-01 20:23:52.000000000
> -0500
> @@ -44,24 +44,65 @@ struct security_list {
> };
>
>
> +static inline void *__get_value(void *head, int idx)
> +{
> + void **p = head + sizeof(struct hlist_head);
> +#if 0
> + printk(KERN_NOTICE "__get_value: %s (%d): head %lx p %lx idx %d
> returning %lx at %lx\n",
> + __FUNCTION__, __LINE__, (long)head, (long)p, idx, (long)p[idx],
> (long)&p[idx]);
> +#endif
> + return p[idx];
pr_debug
> +}
> +
> +static inline void __set_value(void *head, int idx, void *v)
> +{
> + void **p = head + sizeof(struct hlist_head);
> + p[idx] = v;
> +#if 0
> + printk(KERN_NOTICE "%s (%d): hd %lx, p %lx, idx %d,"
> + "v %lx, p[idx] %lx at %lx\n",
> + __FUNCTION__, __LINE__, (long) (head),
> + (long) p, idx, (long) (v),
> + (long)p[idx], (long)&p[idx]);
> +#endif
pr_debug
> Index: linux-2.6.12/security/Kconfig
> ===================================================================
> --- linux-2.6.12.orig/security/Kconfig 2005-08-01 20:00:51.000000000
> -0500
> +++ linux-2.6.12/security/Kconfig 2005-08-01 20:24:11.000000000 -0500
> @@ -112,5 +112,17 @@ config SECURITY_STACKER
> help
> Stack multiple LSMs.
>
> +config SECURITY_STACKER_NUMFIELDS
> + int "Number of security fields to reserve"
> + depends on SECURITY_STACKER
> + default 1
Not sure config is worth it, also, James had suggested smth like 3
slots.
> INIT_HLIST_HEAD(&inode->i_security);
> + memset(&inode->i_security_p, 0,
> + CONFIG_SECURITY_STACKER_NUMFIELDS*sizeof(void *));
This CONFIG... is a bit rough. Can we use a simple name, and if config
is necessary, assign config to simple name?
> inode->dirtied_when = 0;
> if (security_inode_alloc(inode)) {
> if (inode->i_sb->s_op->destroy_inode)
> Index: linux-2.6.12/include/linux/binfmts.h
> ===================================================================
> --- linux-2.6.12.orig/include/linux/binfmts.h 2005-08-01 20:00:50.000000000
> -0500
> +++ linux-2.6.12/include/linux/binfmts.h 2005-08-01 20:24:41.000000000
> -0500
> @@ -30,6 +30,7 @@ struct linux_binprm{
> int e_uid, e_gid;
> kernel_cap_t cap_inheritable, cap_permitted, cap_effective;
> struct hlist_head security;
> + void * security_p[CONFIG_SECURITY_STACKER_NUMFIELDS];
> int argc, envc;
> char * filename; /* Name of binary as seen by procps */
> char * interp; /* Name of the binary really executed. Most
> Index: linux-2.6.12/include/linux/fs.h
> ===================================================================
> --- linux-2.6.12.orig/include/linux/fs.h 2005-08-01 20:00:50.000000000
> -0500
> +++ linux-2.6.12/include/linux/fs.h 2005-08-01 20:24:55.000000000 -0500
> @@ -486,6 +486,7 @@ struct inode {
>
> atomic_t i_writecount;
> struct hlist_head i_security;
> + void
> *i_security_p[CONFIG_SECURITY_STACKER_NUMFIELDS];
James had suggested to effectively stash the list in the last slot, so
there's only the array with one reserved slot.
thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
