From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Smalley
Date: Mon, 27 Jul 2020 12:12:12 -0400
Subject: Re: [PATCH v19 02/23] LSM: Create and manage the lsmblob data structure.
To: Casey Schaufler
Cc: Casey Schaufler, James Morris, LSM List, SElinux list, John Johansen, linux-audit@redhat.com, Stephen Smalley
References: <20200724203226.16374-1-casey@schaufler-ca.com> <20200724203226.16374-3-casey@schaufler-ca.com>
In-Reply-To: <20200724203226.16374-3-casey@schaufler-ca.com>

On Fri, Jul 24, 2020 at 4:35 PM Casey Schaufler wrote:
>
> When more than one security module is exporting data to
> audit and networking sub-systems a single 32 bit integer
> is no longer sufficient to represent the data. Add a
> structure to be used instead.
>
> The lsmblob structure is currently an array of
> u32 "secids". There is an entry for each of the
> security modules built into the system that would
> use secids if active. The system assigns the module
> a "slot" when it registers hooks. If modules are
> compiled in but not registered there will be unused
> slots.
>
> A new lsm_id structure, which contains the name
> of the LSM and its slot number, is created. There
> is an instance for each LSM, which assigns the name
> and passes it to the infrastructure to set the slot.
>
> The audit rules data is expanded to use an array of
> security module data rather than a single instance.
> Because IMA uses the audit rule functions it is
> affected as well.
>
> Acked-by: Stephen Smalley
> Acked-by: Paul Moore
> Signed-off-by: Casey Schaufler

With CONFIG_BPF_LSM=y:

security/bpf/hooks.c: In function ‘bpf_lsm_init’:
security/bpf/hooks.c:18:63: error: passing argument 3 of
‘security_add_hooks’ from incompatible pointer type
[-Werror=incompatible-pointer-types]
   18 |  security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf");
      |                                                               ^~~~~
      |                                                               |
      |                                                               char *
In file included from security/bpf/hooks.c:6:
./include/linux/lsm_hooks.h:1592:26: note: expected ‘struct lsm_id *’
but argument is of type ‘char *’
 1592 |           struct lsm_id *lsmid);
      |           ~~~~~~~~~~~~~~~^~~~~
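
A user-space model of the slot scheme the quoted commit message describes, added here as an example; it is not code from the patch or the kernel. `lsm_id` and `lsmblob` are the names used in the message; the helper functions, sentinel values, array size and module names are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model; none of them come from the patch. */
#define BLOB_ENTRIES 3      /* modules built in that could use secids */
#define SLOT_NEEDED  (-1)   /* module asks for a slot at registration */
#define SLOT_UNUSED  (-2)   /* module exports no secid, gets no slot */

struct lsm_id  { const char *lsm; int slot; };
struct lsmblob { uint32_t secid[BLOB_ENTRIES]; };

static int next_slot;

/* Registration takes the module's lsm_id rather than a bare name string,
 * so the infrastructure can write the assigned slot back into it. */
static int model_add_hooks(struct lsm_id *id)
{
    if (id->slot == SLOT_NEEDED) {
        if (next_slot >= BLOB_ENTRIES)
            return -1;          /* more secid users than entries */
        id->slot = next_slot++;
    }
    return 0;
}

/* A module touches only its own entry; a module without a slot is refused. */
static int blob_set(struct lsmblob *b, const struct lsm_id *id, uint32_t secid)
{
    if (id->slot < 0 || id->slot >= BLOB_ENTRIES)
        return -1;
    b->secid[id->slot] = secid;
    return 0;
}

static uint32_t blob_get(const struct lsmblob *b, const struct lsm_id *id)
{
    return (id->slot >= 0 && id->slot < BLOB_ENTRIES) ? b->secid[id->slot] : 0;
}

int main(void)
{
    struct lsm_id a = { "module_a", SLOT_NEEDED }, b = { "module_b", SLOT_NEEDED };
    struct lsm_id nosec = { "no_secids", SLOT_UNUSED };
    struct lsmblob blob = { { 0 } };   /* third entry stays an unused slot */

    model_add_hooks(&a); model_add_hooks(&nosec); model_add_hooks(&b);
    blob_set(&blob, &a, 42); blob_set(&blob, &b, 7);
    printf("a: slot %d secid %u, b: slot %d secid %u\n",
           a.slot, blob_get(&blob, &a), b.slot, blob_get(&blob, &b));
    printf("%s: slot %d, blob_set -> %d\n", nosec.lsm, nosec.slot,
           blob_set(&blob, &nosec, 1));
    return 0;
}
```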