All of lore.kernel.org
 help / color / mirror / Atom feed
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: Casey Schaufler <casey@schaufler-ca.com>,
	paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
	john.johansen@canonical.com, stephen.smalley.work@gmail.com,
	linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
	mic@digikod.net
Subject: Re: [PATCH v15 01/11] LSM: Identify modules by more than name
Date: Thu, 5 Oct 2023 21:58:41 +0900	[thread overview]
Message-ID: <e391877d-cd10-3c6d-1f57-0aaa32846a8e@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <20230912205658.3432-2-casey@schaufler-ca.com>

On 2023/09/13 5:56, Casey Schaufler wrote:
> Create a struct lsm_id to contain identifying information about Linux
> Security Modules (LSMs). At inception this contains the name of the
> module and an identifier associated with the security module.  Change
> the security_add_hooks() interface to use this structure.  Change the
> individual modules to maintain their own struct lsm_id and pass it to
> security_add_hooks().

I came to worry about what purpose does the LSM ID value (or more precisely,
"struct lsm_id") is used for. If the LSM ID value is used for only switch
{reading,writing} /proc/self/attr/ of specific LSM module's information, only
LSM modules that use /proc/self/attr/ will need the LSM ID value.

But this series uses "struct lsm_id" as one of arguments for security_add_hooks(),
and might be reused for different purposes.

Then, BPF-based LSMs (which are not considered as in-tree LSM modules, for
only BPF hook is considered as in-tree LSM module) might receive unfavorable
treatment than non BPF-based LSMs? 

[PATCH v15 05/11] says

  Create a system call to report the list of Linux Security Modules
  that are active on the system. The list is provided as an array
  of LSM ID numbers.
  
  The calling application can use this list determine what LSM
  specific actions it might take. That might include choosing an
  output format, determining required privilege or bypassing
  security module specific behavior.

but, at least, name of BPF-based LSMs won't be shown up in lsm_list_modules()
compared to non BPF-based LSMs? Then, the calling application can't use this
list determine what BPF-based LSM specific actions it might take?


  parent reply	other threads:[~2023-10-05 15:13 UTC|newest]

Thread overview: 70+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20230912205658.3432-1-casey.ref@schaufler-ca.com>
2023-09-12 20:56 ` [PATCH v15 00/11] LSM: Three basic syscalls Casey Schaufler
2023-09-12 20:56   ` [PATCH v15 01/11] LSM: Identify modules by more than name Casey Schaufler
2023-09-15 11:32     ` Tetsuo Handa
2023-09-15 17:53       ` Casey Schaufler
2023-09-16  6:32         ` Tetsuo Handa
2023-09-17 16:38           ` Casey Schaufler
2023-09-20 10:20             ` Tetsuo Handa
2023-09-20 15:08               ` Kees Cook
2023-09-23  4:46                 ` Tetsuo Handa
2023-09-24  1:58                   ` Kees Cook
2023-09-24 11:06                     ` Tetsuo Handa
2023-09-24 19:48                       ` Kees Cook
2023-10-05 12:58     ` Tetsuo Handa [this message]
2023-10-20 19:52       ` Casey Schaufler
2023-10-21 12:20         ` Tetsuo Handa
2023-10-21 14:11           ` Casey Schaufler
2023-10-29 10:57             ` Tetsuo Handa
2023-10-29 18:00               ` Casey Schaufler
2023-09-12 20:56   ` [PATCH v15 02/11] LSM: Maintain a table of LSM attribute data Casey Schaufler
2023-09-12 20:56   ` [PATCH v15 03/11] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2023-09-12 20:56   ` [PATCH v15 04/11] LSM: syscalls for current process attributes Casey Schaufler
2023-10-03 14:09     ` Mickaël Salaün
2023-10-06  1:04       ` Paul Moore
2023-10-09 15:36         ` Mickaël Salaün
2023-10-09 16:04           ` Paul Moore
2023-10-10  9:14             ` Mickaël Salaün
2023-10-10 13:10               ` Paul Moore
2023-09-12 20:56   ` [PATCH v15 05/11] LSM: Create lsm_list_modules system call Casey Schaufler
2023-10-03 14:27     ` Mickaël Salaün
2024-03-12 10:16     ` Dmitry V. Levin
2024-03-12 13:25       ` Paul Moore
2024-03-12 15:27         ` Casey Schaufler
2024-03-12 17:06           ` Paul Moore
2024-03-12 17:44             ` Casey Schaufler
2024-03-12 18:09               ` Paul Moore
2024-03-12 18:28               ` Dmitry V. Levin
2024-03-12 21:50                 ` Kees Cook
2024-03-12 22:06                   ` Casey Schaufler
2024-03-12 22:06                 ` Paul Moore
2024-03-12 22:17                   ` Casey Schaufler
2024-03-12 23:17                     ` Paul Moore
2023-09-12 20:56   ` [PATCH v15 06/11] LSM: wireup Linux Security Module syscalls Casey Schaufler
2023-10-03 14:27     ` Mickaël Salaün
2023-09-12 20:56   ` [PATCH v15 07/11] LSM: Helpers for attribute names and filling lsm_ctx Casey Schaufler
2023-10-03 14:28     ` Mickaël Salaün
2023-09-12 20:56   ` [PATCH v15 08/11] Smack: implement setselfattr and getselfattr hooks Casey Schaufler
2023-10-03 14:28     ` Mickaël Salaün
2023-10-20 19:40       ` Casey Schaufler
2023-10-20 19:42       ` Casey Schaufler
2023-09-12 20:56   ` [PATCH v15 09/11] AppArmor: Add selfattr hooks Casey Schaufler
2023-09-12 20:56   ` [PATCH v15 10/11] SELinux: " Casey Schaufler
2023-09-12 20:56   ` [PATCH v15 11/11] LSM: selftests for Linux Security Module syscalls Casey Schaufler
2023-10-03 14:28     ` Mickaël Salaün
2023-10-12 22:07   ` [PATCH v15 00/11] LSM: Three basic syscalls Paul Moore
2023-10-13 21:55     ` Paul Moore
2023-10-16 12:04       ` Roberto Sassu
2023-10-16 15:06         ` Paul Moore
2023-10-17  7:01           ` Roberto Sassu
2023-10-17 15:58             ` Paul Moore
2023-10-17 16:07               ` Roberto Sassu
2023-10-18  9:31                 ` Roberto Sassu
2023-10-18 13:09                   ` Mimi Zohar
2023-10-18 14:14                     ` Roberto Sassu
2023-10-18 16:35                       ` Paul Moore
2023-10-18 20:10                         ` Mimi Zohar
2023-10-18 20:40                           ` Paul Moore
2023-10-19  7:45                             ` Roberto Sassu
2023-10-20 16:36                               ` Casey Schaufler
2023-10-19  8:49                       ` Roberto Sassu
2023-11-13  4:03   ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e391877d-cd10-3c6d-1f57-0aaa32846a8e@I-love.SAKURA.ne.jp \
    --to=penguin-kernel@i-love.sakura.ne.jp \
    --cc=casey@schaufler-ca.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=keescook@chromium.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@digikod.net \
    --cc=paul@paul-moore.com \
    --cc=serge@hallyn.com \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.