Re: [PATCH v38 08/39] LSM: Infrastructure management of the sock security

2022-10-12 Thread Mickaël Salaün
On 27/09/2022 21:53, Casey Schaufler wrote: Move management of the sock->sk_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the

Re: [PATCH v38 01/39] LSM: Identify modules by more than name

2022-10-12 Thread Mickaël Salaün
Please Cc me for the next versions. On 27/09/2022 21:53, Casey Schaufler wrote: Create a struct lsm_id to contain identifying information about Linux Security Modules (LSMs). At inception this contains a single member, which is the name of the module. Change the security_add_hooks() interface t

Re: [PATCH v38 20/39] LSM: Specify which LSM to display

2022-10-12 Thread Mickaël Salaün
On 27/09/2022 21:54, Casey Schaufler wrote: Create two new prctl() options PR_LSM_ATTR_SET and PR_LSM_ATTR_GET which change and report the Interface LSM respectively. The LSM ID number of an active LSM that supplies hooks for human readable data may be passed in the arg2 value with the PR_LSM_

Re: [PATCH v38 06/39] LSM: lsm_self_attr syscall for LSM self attributes

2022-10-12 Thread Mickaël Salaün
At least linux-...@vger.kernel.org should be in Cc for new syscalls. You need a dedicated patch to wire this syscall with all architectures. It will help a lot dealing with merge conflicts because of other new syscalls. You can take a look at the Landlock syscall implementations: https://git.k

Re: [PATCH v38 02/39] LSM: Add an LSM identifier for external use

2022-10-12 Thread Mickaël Salaün
On 27/09/2022 21:53, Casey Schaufler wrote: Add an integer member "id" to the struct lsm_id. This value is a unique identifier associated with each security module. The values are defined in a new UAPI header file. Each existing LSM has been updated to include its LSMID in the lsm_id. Signed-

Re: [PATCH v38 09/39] LSM: Add the lsmblob data structure.

2022-10-12 Thread Mickaël Salaün
On 27/09/2022 21:53, Casey Schaufler wrote: When more than one security module is exporting data to audit and networking sub-systems a single 32 bit integer is no longer sufficient to represent the data. Add a structure to be used instead. The lsmblob structure is currently an array of u32 "se

Re: [PATCH v38 39/39] LSM: Create lsm_module_list system call

2022-10-12 Thread Mickaël Salaün
On 27/09/2022 22:31, Casey Schaufler wrote: Create a system call to report the list of Linux Security Modules that are active on the system. The list is provided as an array of LSM ID numbers. With lsm_self_attr(), this would look like a dir/file structure. Would it be useful for user space

Re: [PATCH v38 39/39] LSM: Create lsm_module_list system call

2022-10-12 Thread Kees Cook
On Tue, Sep 27, 2022 at 01:31:55PM -0700, Casey Schaufler wrote: > +SYSCALL_DEFINE3(lsm_module_list, > +unsigned int __user *, ids, > +size_t __user *, size, > +int, flags) Please make this unsigned int. > +{ > + unsigned int *interum; > + size_t total_
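Review bot: the local variable `interum` in the quoted hunk is misspelled; rename it `interim` so the declaration `unsigned int *interim;` reads as intended.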
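The lsm_module_list contract these messages discuss, as an added illustration that is not code from the patch series: a userspace simulation of a call that takes a buffer of LSM IDs, an in/out element count and a flags word, together with the struct lsm_id shape from patches 01 and 02. The module names and ID values, the error codes, the "report the required count in *size" behaviour and the probe-then-fetch caller pattern are assumptions made here for illustration; the real UAPI header and the kernel implementation define the actual values.

```c
/*
 * Added example, not part of the v38 series. Simulates, in userspace, the
 * in/out sizing contract implied by lsm_module_list(ids, size, flags).
 * Names, ID values and error codes below are assumptions for illustration.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct lsm_id {
	const char *lsm;	/* module name, as in patch 01/39 */
	unsigned int id;	/* numeric identifier, as in patch 02/39 */
};

/* Hypothetical table of active modules; order and values are made up. */
static const struct lsm_id sim_active_lsms[] = {
	{ "capability", 1 },
	{ "selinux",    2 },
	{ "landlock",   3 },
};
#define SIM_ACTIVE_COUNT (sizeof(sim_active_lsms) / sizeof(sim_active_lsms[0]))

/*
 * Simulated kernel side. Assumed contract:
 *  - *size on entry: number of entries the caller's buffer can hold;
 *  - *size on return: number of active modules (always written);
 *  - returns the count copied on success, -EINVAL for a NULL size or
 *    unknown flags, -E2BIG if the buffer is too small (ids untouched),
 *    -EFAULT if ids is NULL while entries must be copied.
 */
long sim_lsm_module_list(unsigned int *ids, size_t *size, unsigned int flags)
{
	size_t have, want = SIM_ACTIVE_COUNT;

	if (size == NULL)
		return -EINVAL;
	if (flags != 0)		/* flags are reserved: reject anything unknown */
		return -EINVAL;

	have = *size;
	*size = want;		/* report the required count before any copy */
	if (have < want)
		return -E2BIG;
	if (want > 0 && ids == NULL)
		return -EFAULT;
	/* Guard the byte-length computation a real copy_to_user() would need. */
	if (want > SIZE_MAX / sizeof(unsigned int))
		return -EOVERFLOW;
	for (size_t i = 0; i < want; i++)
		ids[i] = sim_active_lsms[i].id;
	return (long)want;
}

/* Reverse lookup: why stable numeric IDs (not just names) are useful. */
const char *sim_lsm_name(unsigned int id)
{
	for (size_t i = 0; i < SIM_ACTIVE_COUNT; i++)
		if (sim_active_lsms[i].id == id)
			return sim_active_lsms[i].lsm;
	return NULL;
}

/* Userspace pattern: probe with a zero-sized buffer, then fetch. */
long sim_fetch_all(unsigned int *out, size_t cap, size_t *needed)
{
	size_t n = 0;
	long ret = sim_lsm_module_list(NULL, &n, 0);	/* probe only */

	*needed = n;
	if (ret < 0 && ret != -E2BIG)
		return ret;
	if (n > cap)
		return -E2BIG;	/* caller must grow its buffer to *needed */
	return sim_lsm_module_list(out, &n, 0);
}

int main(void)
{
	unsigned int ids[8];
	size_t needed = 0;
	long ret = sim_fetch_all(ids, sizeof(ids) / sizeof(ids[0]), &needed);

	if (ret < 0) {
		fprintf(stderr, "sim_lsm_module_list failed: %ld (need %zu)\n",
			ret, needed);
		return 1;
	}
	for (long i = 0; i < ret; i++)
		printf("LSM id %u: %s\n", ids[i], sim_lsm_name(ids[i]));
	return 0;
}
```

The probe step passes a NULL buffer with *size set to 0, so the simulated kernel reports the required count without touching user memory; the caller then allocates exactly that many entries. Rejecting non-zero flags keeps the reserved word usable for future extensions without breaking old callers.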