From mboxrd@z Thu Jan 1 00:00:00 1970 From: john.johansen@canonical.com (John Johansen) Date: Sat, 29 Sep 2018 11:19:52 -0700 Subject: [PATCH security-next v3 00/29] LSM: Explict LSM ordering In-Reply-To: References: <20180925001832.18322-1-keescook@chromium.org> Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On 09/29/2018 03:48 AM, Tetsuo Handa wrote: > On 2018/09/29 5:01, Kees Cook wrote: >> On Fri, Sep 28, 2018 at 8:55 AM, Casey Schaufler wrote: >>> On 9/24/2018 5:18 PM, Kees Cook wrote: >>>> v3: >>>> - add CONFIG_LSM_ENABLE and refactor resulting logic >>> >>> Kees, you can add my >>> >>> Reviewed-by:Casey Schaufler >>> >>> for this entire patch set. Thank you for taking this on, it's >>> a significant and important chunk of the LSM infrastructure >>> update. >> >> Thanks! >> >> John, you'd looked at this a bit too -- do the results line up with >> your expectations? >> >> Any thoughts from SELinux, TOMOYO, or IMA folks? > > I'm OK with this approach. Thank you. > > > > Just wondering what is "__lsm_name_##lsm" for... > > +#define DEFINE_LSM(lsm) \ > + static const char __lsm_name_##lsm[] __initconst \ > + __aligned(1) = #lsm; \ > + static struct lsm_info __lsm_##lsm \ > + __used __section(.lsm_info.init) \ > + __aligned(sizeof(unsigned long)) \ > + = { \ > + .name = __lsm_name_##lsm, \ > + > +#define END_LSM } > > We could do something like below so that funny END_LSM is not required? > I felt } like a typo error at the first glance. What we need is to > gather into one section with appropriate alignment, isn't it? > well and Kees was trying to automagically set the name. This threw me off too at first and I am still trying to figure out if I would prefer something simpler, and more standard like below. > #define LSM_INFO \ > static struct lsm_info __lsm_ \ > __used __section(.lsm_info.init) \ > __aligned(sizeof(unsigned long)) \ > > LSM_INFO = { > .name = "tomoyo", > .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, > .init = tomoyo_init, > }; >