On 27/09/2022 21:53, Casey Schaufler wrote:
> Move management of the sock->sk_security blob out
> of the individual security modules and into the security
> infrastructure. Instead of allocating the blobs from within
> the modules the modules tell the infrastructure how much
> space is required, and the
Please Cc me for the next versions.
On 27/09/2022 21:53, Casey Schaufler wrote:
> Create a struct lsm_id to contain identifying information
> about Linux Security Modules (LSMs). At inception this contains
> a single member, which is the name of the module. Change the
> security_add_hooks() interface t
On 27/09/2022 21:54, Casey Schaufler wrote:
> Create two new prctl() options PR_LSM_ATTR_SET and PR_LSM_ATTR_GET
> which change and report the Interface LSM respectively.
> The LSM ID number of an active LSM that supplies hooks for
> human readable data may be passed in the arg2 value with the
> PR_LSM_
At least linux-...@vger.kernel.org should be in Cc for new syscalls.
You need a dedicated patch to wire this syscall with all architectures.
It will help a lot dealing with merge conflicts because of other new
syscalls. You can take a look at the Landlock syscall implementations:
https://git.k
On 27/09/2022 21:53, Casey Schaufler wrote:
> Add an integer member "id" to the struct lsm_id. This value is
> a unique identifier associated with each security module. The
> values are defined in a new UAPI header file. Each existing LSM
> has been updated to include its LSMID in the lsm_id.
> Signed-
On 27/09/2022 21:53, Casey Schaufler wrote:
> When more than one security module is exporting data to
> audit and networking sub-systems a single 32 bit integer
> is no longer sufficient to represent the data. Add a
> structure to be used instead.
> The lsmblob structure is currently an array of
> u32 "se
On 27/09/2022 22:31, Casey Schaufler wrote:
> Create a system call to report the list of Linux Security Modules
> that are active on the system. The list is provided as an array
> of LSM ID numbers.
With lsm_self_attr(), this would look like a dir/file structure.
Would it be useful for user space
On Tue, Sep 27, 2022 at 01:31:55PM -0700, Casey Schaufler wrote:
> +SYSCALL_DEFINE3(lsm_module_list,
> +unsigned int __user *, ids,
> +size_t __user *, size,
> +int, flags)
Please make this unsigned int.
> +{
> + unsigned int *interum;
> + size_t total_
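Review bot: the local declared as `unsigned int *interum;` at the top of the syscall body looks like a misspelling of "interim". Since this is a new syscall that will be read and grepped by many people, rename it to `interim`, or better, to a name that says what the buffer holds (it has the same element type as the `ids` user pointer in the signature, so something like `kids` or `id_buf` would make the relationship obvious).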