From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: masanobu2.koike@toshiba.co.jp, casey@schaufler-ca.com
Cc: jmorris@namei.org, serge@hallyn.com,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
Date: Sat, 3 Mar 2018 17:22:05 +0900 [thread overview]
Message-ID: <201803031722.EDF21804.QHMOtFJOFFOLSV@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <TYXPR01MB18540A7EDCE6F5BE8CFE130EF1C50@TYXPR01MB1854.jpnprd01.prod.outlook.com>
Masanobu Koike wrote:
> On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> > On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > > @@ -264,6 +266,9 @@ choice
> > > config DEFAULT_SECURITY_APPARMOR
> > > bool "AppArmor" if SECURITY_APPARMOR=y
> > >
> > > + config DEFAULT_SECURITY_WHITEEGRET
> > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > > +
> >
> > I don't see this module using any security blobs. Is there
> > a reason you're not making this a minor (like yama) module
> > instead of a major (like AppArmor) module?
>
> Thank you for your suggestion.
> We are now developing WhiteEgret on the environment
> it works certainly.
>
??? What Casey suggested is effectively
----------
--- a/security/whiteegret/init.c
+++ b/security/whiteegret/init.c
@@ -48,9 +48,6 @@ static int __init we_init(void)
{
int rc;
- if (!security_module_enable("whiteegret"))
- return 0;
-
security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks), "whiteegret");
rc = we_specific_init();
----------
, isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init()
is not useful, for security_init() is called too early to create securityfs
entries for WhiteEgret.
Current version uses security= parameter as a switch for enabling/disabling
WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch,
is some other switch (e.g. __setup()) expected?
WARNING: multiple messages have this Message-ID (diff)
From: penguin-kernel@I-love.SAKURA.ne.jp (Tetsuo Handa)
To: linux-security-module@vger.kernel.org
Subject: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
Date: Sat, 3 Mar 2018 17:22:05 +0900 [thread overview]
Message-ID: <201803031722.EDF21804.QHMOtFJOFFOLSV@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <TYXPR01MB18540A7EDCE6F5BE8CFE130EF1C50@TYXPR01MB1854.jpnprd01.prod.outlook.com>
Masanobu Koike wrote:
> On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> > On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > > @@ -264,6 +266,9 @@ choice
> > > config DEFAULT_SECURITY_APPARMOR
> > > bool "AppArmor" if SECURITY_APPARMOR=y
> > >
> > > + config DEFAULT_SECURITY_WHITEEGRET
> > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y
> > > +
> >
> > I don't see this module using any security blobs. Is there
> > a reason you're not making this a minor (like yama) module
> > instead of a major (like AppArmor) module?
>
> Thank you for your suggestion.
> We are now developing WhiteEgret on the environment
> it works certainly.
>
??? What Casey suggested is effectively
----------
--- a/security/whiteegret/init.c
+++ b/security/whiteegret/init.c
@@ -48,9 +48,6 @@ static int __init we_init(void)
{
int rc;
- if (!security_module_enable("whiteegret"))
- return 0;
-
security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks), "whiteegret");
rc = we_specific_init();
----------
, isn't it? Unlike Yama, adding whiteegret_add_hooks() to security_init()
is not useful, for security_init() is called too early to create securityfs
entries for WhiteEgret.
Current version uses security= parameter as a switch for enabling/disabling
WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch,
is some other switch (e.g. __setup()) expected?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-03 8:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-01 7:38 [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions Masanobu Koike
2018-03-01 7:38 ` Masanobu Koike
2018-03-01 15:43 ` Casey Schaufler
2018-03-01 15:43 ` Casey Schaufler
2018-03-02 3:57 ` masanobu2.koike
2018-03-02 3:57 ` masanobu2.koike at toshiba.co.jp
2018-03-03 8:22 ` Tetsuo Handa [this message]
2018-03-03 8:22 ` Tetsuo Handa
2018-03-08 6:23 ` masanobu2.koike
2018-03-08 6:23 ` masanobu2.koike at toshiba.co.jp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201803031722.EDF21804.QHMOtFJOFFOLSV@I-love.SAKURA.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=masanobu2.koike@toshiba.co.jp \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.