Re: [PATCH v1 7/8] LSM: Create lsm_module_list system call

From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul@paul-moore.com>
Cc: casey.schaufler@intel.com, linux-security-module@vger.kernel.org,
	jmorris@namei.org, keescook@chromium.org,
	john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
	stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
	linux-api@vger.kernel.org, mic@digikod.net,
	casey@schaufler-ca.com
Subject: Re: [PATCH v1 7/8] LSM: Create lsm_module_list system call
Date: Wed, 9 Nov 2022 17:37:14 -0800	[thread overview]
Message-ID: <ea927e49-0099-df0a-d263-400782486b35@schaufler-ca.com> (raw)
In-Reply-To: <CAHC9VhQ5Jrt3Ns+m7DFZ+_pP81AWqSx588HMZR+7MUuMfSZoig@mail.gmail.com>

On 11/9/2022 3:35 PM, Paul Moore wrote:
> On Tue, Oct 25, 2022 at 2:48 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>> Create a system call to report the list of Linux Security Modules
>> that are active on the system. The list is provided as an array
>> of LSM ID numbers.
>>
>> The calling application can use this list determine what LSM
>> specific actions it might take. That might include chosing an
>> output format, determining required privilege or bypassing
>> security module specific behavior.
>>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>> ---
>>  include/linux/syscalls.h |  1 +
>>  kernel/sys_ni.c          |  1 +
>>  security/lsm_syscalls.c  | 38 ++++++++++++++++++++++++++++++++++++++
>>  3 files changed, 40 insertions(+)
> ..
>
>> diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c
>> index da0fab7065e2..cd5db370b974 100644
>> --- a/security/lsm_syscalls.c
>> +++ b/security/lsm_syscalls.c
>> @@ -154,3 +154,41 @@ SYSCALL_DEFINE3(lsm_self_attr,
>>         kfree(final);
>>         return rc;
>>  }
>> +
>> +/**
>> + * lsm_module_list - Return a list of the active security modules
>> + * @ids: the LSM module ids
>> + * @size: size of @ids, updated on return
>> + * @flags: reserved for future use, must be zero
>> + *
>> + * Returns a list of the active LSM ids. On success this function
>> + * returns the number of @ids array elements. This value may be zero
>> + * if there are no LSMs active. If @size is insufficient to contain
>> + * the return data -E2BIG is returned and @size is set to the minimum
>> + * required size. In all other cases a negative value indicating the
>> + * error is returned.
>> + */
> Let's make a promise that for this syscall we will order the LSM IDs
> in the array in the same order as which they are configured/executed.

Sure. Order registered, which can vary, as opposed to LSM ID order,
which cannot. That could be important to ensure that applications
that enforce the same policy as the kernel will hit the checks in
the same order as the kernel. That's how it is coded. It needs to
be documented. 

> I'm doubtful that only a *very* small number of applications will care
> about this (if any), but this is something we can do so let's do it
> now while we can.
>
>> +SYSCALL_DEFINE3(lsm_module_list,
>> +               unsigned int __user *, ids,
>> +               size_t __user *, size,
>> +               unsigned int, flags)
> --
> paul-moore.com