* [PATCH 5/7] SLIM: make and config stuff
@ 2006-08-23 19:05 Kylene Jo Hall
2006-08-23 19:19 ` Stephen Smalley
0 siblings, 1 reply; 6+ messages in thread
From: Kylene Jo Hall @ 2006-08-23 19:05 UTC (permalink / raw)
To: linux-kernel, LSM ML; +Cc: Dave Safford, Mimi Zohar, Serge Hallyn
This patch contains the Makefile, Kconfig and .h files for SLIM.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
---
security/Kconfig | 1
security/Makefile | 1
security/slim/Kconfig | 6 ++
security/slim/Makefile | 6 ++
security/slim/slim.h | 102 +++++++++++++++++++++++++++++++++++++++
5 files changed, 116 insertions(+)
--- linux-2.6.18-rc3/security/slim/slim.h 1969-12-31 18:00:00.000000000 -0600
+++ linux-2.6.18-rc3-working/security/slim/slim.h 2006-08-07 13:00:14.000000000 -0500
@@ -0,0 +1,102 @@
+/*
+ * slim.h - simple linux integrity module
+ *
+ * SLIM's specific model is:
+ *
+ * All objects are labeled with extended attributes to indicate:
+ * Integrity Access Class (IAC)
+ * Secrecy Access Class (SAC)
+ *
+ * All processes inherit from their parents:
+ * Integrity Read Access Class (IRAC)
+ * Integrity Write/Execute Access Class (IWXAC)
+ * Secrecy Write Access Class (SWAC)
+ * Secrecy Read/Execute Access Class (SRXAC)
+ *
+ * SLIM enforces the following Mandatory Access Control Rules:
+ * Read:
+ * IRAC(process) <= IAC(object)
+ * SRXAC(process) >= SAC(object)
+ * Write:
+ * IWXAC(process) >= IAC(object)
+ * SWAC(process) <= SAC(process)
+ * Execute:
+ * IWXAC(process) <= IAC(object)
+ * SRXAC(process) >= SAC(object)
+*/
+
+#include <linux/security.h>
+#include <linux/version.h>
+#include <linux/spinlock_types.h>
+
+struct xattr_data {
+ char *name;
+ void *value;
+ size_t len;
+};
+
+ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer,
+ size_t size);
+ssize_t generic_listxattr(struct dentry *dentry, char *buffer,
+ size_t buffer_size);
+int generic_setxattr(struct dentry *dentry, const char *name, const void *value,
+ size_t size, int flags);
+enum slm_iac_level { /* integrity access class */
+ SLM_IAC_ERROR = -2,
+ SLM_IAC_EXEMPT = -1,
+ SLM_IAC_NOTDEFINED = 0,
+ SLM_IAC_UNTRUSTED,
+ SLM_IAC_USER,
+ SLM_IAC_SYSTEM,
+ SLM_IAC_HIGHEST
+};
+extern char *slm_iac_str[];
+
+enum slm_sac_level { /* secrecy access class */
+ SLM_SAC_ERROR = -2,
+ SLM_SAC_EXEMPT = -1,
+ SLM_SAC_NOTDEFINED = 0,
+ SLM_SAC_PUBLIC,
+ SLM_SAC_USER,
+ SLM_SAC_USER_SENSITIVE,
+ SLM_SAC_SYSTEM_SENSITIVE,
+ SLM_SAC_HIGHEST
+};
+
+struct slm_tsec_data { /* task security data (process info) */
+ enum slm_iac_level iac_r; /* read low integrity files */
+ enum slm_iac_level iac_wx; /* ability to write/execute higher */
+ enum slm_sac_level sac_w; /* ability to write low secrecy files */
+ enum slm_sac_level sac_rx; /* read/execute high secrecy files */
+ int unlimited; /* unlimited guard process */
+ struct dentry *script_dentry; /* used when filename != interp */
+ spinlock_t lock;
+};
+
+struct slm_file_xattr { /* file extended attributes */
+ enum slm_iac_level iac_level; /* integrity */
+ enum slm_sac_level sac_level; /* secrecy */
+ struct slm_tsec_data guard; /* guard process information */
+};
+
+#define SLM_LSM_ID 0x999
+extern int slm_idx;
+
+struct slm_isec_data {
+ struct slm_file_xattr level;
+ spinlock_t lock;
+};
+
+static inline int is_kernel_thread(struct task_struct *tsk)
+{
+ return (!tsk->mm) ? 1 : 0;
+}
+
+extern struct slm_xattr_config *slm_parse_config(char *data,
+ unsigned long datalen,
+ int *datasize);
+
+extern int slm_init_config(void);
+
+extern __init int slm_init_secfs(void);
+extern __exit void slm_cleanup_secfs(void);
--- linux-2.6.18-rc3/security/slim/Makefile 1969-12-31 18:00:00.000000000 -0600
+++ linux-2.6.18-rc3-working/security/slim/Makefile 2006-08-04 13:29:13.000000000 -0500
@@ -0,0 +1,6 @@
+#
+# Makefile for building the SLIM module as part of the kernel tree.
+#
+
+obj-$(CONFIG_SECURITY_SLIM) += slim.o
+slim-y := slm_main.o slm_secfs.o
--- linux-2.6.18-rc3/security/slim/Kconfig 1969-12-31 18:00:00.000000000 -0600
+++ linux-2.6.18-rc3-working/security/slim/Kconfig 2006-08-04 13:29:13.000000000 -0500
@@ -0,0 +1,6 @@
+config SECURITY_SLIM
+ boolean "SLIM support"
+ depends on SECURITY && SECURITY_NETWORK && INTEGRITY
+ help
+ The Simple Linux Integrity Module implements a modified low water-mark
+ mandatory access control integrity model.
--- linux-2.6.18-rc3/security/Makefile 2006-07-30 01:15:36.000000000 -0500
+++ linux-2.6.18-rc3-working/security/Makefile 2006-08-01 12:21:24.000000000 -0500
@@ -3,6 +3,7 @@
#
obj-$(CONFIG_KEYS) += keys/
+obj-$(CONFIG_SECURITY_SLIM) += slim/
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
# if we don't select a security model, use the default capabilities
--- linux-2.6.18-rc3/security/Kconfig 2006-07-30 01:15:36.000000000 -0500
+++ linux-2.6.18-rc3-working/security/Kconfig 2006-08-01 12:21:24.000000000 -0500
@@ -107,5 +107,6 @@ config SECURITY_SECLVL
source security/selinux/Kconfig
+source security/slim/Kconfig
endmenu
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 5/7] SLIM: make and config stuff
2006-08-23 19:05 [PATCH 5/7] SLIM: make and config stuff Kylene Jo Hall
@ 2006-08-23 19:19 ` Stephen Smalley
2006-08-23 19:22 ` Kylene Jo Hall
0 siblings, 1 reply; 6+ messages in thread
From: Stephen Smalley @ 2006-08-23 19:19 UTC (permalink / raw)
To: Kylene Jo Hall
Cc: linux-kernel, LSM ML, Dave Safford, Mimi Zohar, Serge Hallyn
On Wed, 2006-08-23 at 12:05 -0700, Kylene Jo Hall wrote:
> This patch contains the Makefile, Kconfig and .h files for SLIM.
>
> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
> Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
> --- linux-2.6.18-rc3/security/slim/Kconfig 1969-12-31 18:00:00.000000000 -0600
> +++ linux-2.6.18-rc3-working/security/slim/Kconfig 2006-08-04 13:29:13.000000000 -0500
> @@ -0,0 +1,6 @@
> +config SECURITY_SLIM
> + boolean "SLIM support"
> + depends on SECURITY && SECURITY_NETWORK && INTEGRITY
&& !SECURITY_SELINUX?
> + help
> + The Simple Linux Integrity Module implements a modified low water-mark
> + mandatory access control integrity model.
--
Stephen Smalley
National Security Agency
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 5/7] SLIM: make and config stuff
2006-08-23 19:19 ` Stephen Smalley
@ 2006-08-23 19:22 ` Kylene Jo Hall
0 siblings, 0 replies; 6+ messages in thread
From: Kylene Jo Hall @ 2006-08-23 19:22 UTC (permalink / raw)
To: Stephen Smalley
Cc: linux-kernel, LSM ML, Dave Safford, Mimi Zohar, Serge Hallyn
On Wed, 2006-08-23 at 15:19 -0400, Stephen Smalley wrote:
> On Wed, 2006-08-23 at 12:05 -0700, Kylene Jo Hall wrote:
> > This patch contains the Makefile, Kconfig and .h files for SLIM.
> >
> > Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
> > Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
>
> > --- linux-2.6.18-rc3/security/slim/Kconfig 1969-12-31 18:00:00.000000000 -0600
> > +++ linux-2.6.18-rc3-working/security/slim/Kconfig 2006-08-04 13:29:13.000000000 -0500
> > @@ -0,0 +1,6 @@
> > +config SECURITY_SLIM
> > + boolean "SLIM support"
> > + depends on SECURITY && SECURITY_NETWORK && INTEGRITY
>
> && !SECURITY_SELINUX?
>
Rather it seems to make more sense to add an option to slim so that it
could be enabled/disabled on the boot line like selinux=0 and then they
can both be built but only one turned on at a time.
> > + help
> > + The Simple Linux Integrity Module implements a modified low water-mark
> > + mandatory access control integrity model.
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 5/7] SLIM: make and config stuff
2006-09-12 17:57 Kylene Jo Hall
@ 2006-09-19 19:04 ` Pavel Machek
0 siblings, 0 replies; 6+ messages in thread
From: Pavel Machek @ 2006-09-19 19:04 UTC (permalink / raw)
To: Kylene Jo Hall
Cc: linux-kernel, LSM ML, Dave Safford, Mimi Zohar, Serge Hallyn
Hi!
> This patch contains the Makefile, Kconfig and .h files for SLIM.
> +config SECURITY_SLIM_BOOTPARAM_VALUE
> + int "SLIM boot parameter default value"
> + depends on SECURITY_SLIM_BOOTPARAM
> + range 0 1
> + default 1
> + help
> + This option sets the default value for the kernel parameter
> + 'slim', which allows SLIM to be disabled at boot. If this
> + option is set to 0 (zero), the SLIM kernel parameter will
> + default to 0, disabling SLIM at bootup. If this option is
> + set to 1 (one), the SLIM kernel parameter will default to 1,
> + enabling SLIM at bootup.
> +
> + If you are unsure how to answer this question, answer 1.
> +
Do we really need this option? Seems like anyone wanting slim can just
pass the boot argument...?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 5/7] SLIM: make and config stuff
@ 2006-09-12 17:58 Kylene Jo Hall
0 siblings, 0 replies; 6+ messages in thread
From: Kylene Jo Hall @ 2006-09-12 17:58 UTC (permalink / raw)
To: linux-kernel, LSM ML; +Cc: Dave Safford, Mimi Zohar, Serge Hallyn, akpm
This patch contains the Makefile, Kconfig and .h files for SLIM.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
---
security/slim/slim.h | 89 +++++++++++++++++++++++++++++++++++++++
security/Kconfig | 1
security/Makefile | 1
security/slim/Kconfig | 36 +++++++++++++++
security/slim/Makefile | 6 ++
5 files changed, 133 insertions(+)
--- linux-2.6.18-rc3/security/slim/Makefile 1969-12-31 18:00:00.000000000 -0600
+++ linux-2.6.18-rc3-working/security/slim/Makefile 2006-08-04 13:29:13.000000000 -0500
@@ -0,0 +1,6 @@
+#
+# Makefile for building the SLIM module as part of the kernel tree.
+#
+
+obj-$(CONFIG_SECURITY_SLIM) += slim.o
+slim-y := slm_main.o slm_secfs.o
--- linux-2.6.18-rc3/security/slim/Kconfig 1969-12-31 18:00:00.000000000 -0600
+++ linux-2.6.18-rc3-working/security/slim/Kconfig 2006-08-04 13:29:13.000000000 -0500
@@ -0,0 +1,36 @@
+config SECURITY_SLIM
+ boolean "SLIM support"
+ depends on SECURITY && SECURITY_NETWORK && INTEGRITY
+ help
+ The Simple Linux Integrity Module implements a modified low water-mark
+ mandatory access control integrity model.
+
+config SECURITY_SLIM_BOOTPARAM
+ bool "SLIM boot parameter"
+ depends on SECURITY_SLIM
+ default n
+ help
+ This option adds a kernel parameter 'slim', which allows SLIM
+ to be disabled at boot. If this option is selected, SLIM
+ functionality can be disabled with slim=0 on the kernel
+ command line. The purpose of this option is to allow a single
+ kernel image to be distributed with SLIM built in, but not
+ necessarily enabled.
+
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_SLIM_BOOTPARAM_VALUE
+ int "SLIM boot parameter default value"
+ depends on SECURITY_SLIM_BOOTPARAM
+ range 0 1
+ default 1
+ help
+ This option sets the default value for the kernel parameter
+ 'slim', which allows SLIM to be disabled at boot. If this
+ option is set to 0 (zero), the SLIM kernel parameter will
+ default to 0, disabling SLIM at bootup. If this option is
+ set to 1 (one), the SLIM kernel parameter will default to 1,
+ enabling SLIM at bootup.
+
+ If you are unsure how to answer this question, answer 1.
+
--- linux-2.6.18-rc3/security/Makefile 2006-07-30 01:15:36.000000000 -0500
+++ linux-2.6.18-rc3-working/security/Makefile 2006-08-01 12:21:24.000000000 -0500
@@ -3,6 +3,7 @@
#
obj-$(CONFIG_KEYS) += keys/
+obj-$(CONFIG_SECURITY_SLIM) += slim/
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
# if we don't select a security model, use the default capabilities
--- linux-2.6.18-rc3/security/Kconfig 2006-07-30 01:15:36.000000000 -0500
+++ linux-2.6.18-rc3-working/security/Kconfig 2006-08-01 12:21:24.000000000 -0500
@@ -107,5 +107,6 @@ config SECURITY_SECLVL
source security/selinux/Kconfig
+source security/slim/Kconfig
endmenu
--- linux-2.6.18/security/slim/slim.h 1969-12-31 16:00:00.000000000 -0800
+++ linux-2.6.17-working/security/slim/slim.h 2006-09-06 11:49:09.000000000 -0700
@@ -0,0 +1,89 @@
+/*
+ * slim.h - simple linux integrity module
+ *
+ * SLIM's specific model is:
+ *
+ * All objects are labeled with extended attributes to indicate:
+ * Integrity Access Class (IAC)
+ * Secrecy Access Class (SAC)
+ *
+ * All processes inherit from their parents:
+ * Integrity Read Access Class (IRAC)
+ * Integrity Write/Execute Access Class (IWXAC)
+ * Secrecy Write Access Class (SWAC)
+ * Secrecy Read/Execute Access Class (SRXAC)
+ *
+ * SLIM enforces the following Mandatory Access Control Rules:
+ * Read:
+ * IRAC(process) <= IAC(object)
+ * SRXAC(process) >= SAC(object)
+ * Write:
+ * IWXAC(process) >= IAC(object)
+ * SWAC(process) <= SAC(process)
+ * Execute:
+ * IWXAC(process) <= IAC(object)
+ * SRXAC(process) >= SAC(object)
+*/
+
+#include <linux/security.h>
+#include <linux/version.h>
+#include <linux/spinlock_types.h>
+
+struct xattr_data {
+ char *name;
+ void *value;
+ size_t len;
+};
+
+ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer,
+ size_t size);
+ssize_t generic_listxattr(struct dentry *dentry, char *buffer,
+ size_t buffer_size);
+int generic_setxattr(struct dentry *dentry, const char *name, const void *value,
+ size_t size, int flags);
+enum slm_iac_level { /* integrity access class */
+ SLM_IAC_ERROR = -2,
+ SLM_IAC_EXEMPT = -1,
+ SLM_IAC_NOTDEFINED = 0,
+ SLM_IAC_UNTRUSTED,
+ SLM_IAC_USER,
+ SLM_IAC_SYSTEM,
+ SLM_IAC_HIGHEST
+};
+extern char *slm_iac_str[];
+
+struct slm_tsec_data { /* task security data (process info) */
+ enum slm_iac_level iac_r; /* read low integrity files */
+ enum slm_iac_level iac_wx; /* ability to write/execute higher */
+ int unlimited; /* unlimited guard process */
+ struct dentry *script_dentry; /* used when filename != interp */
+ spinlock_t lock;
+};
+
+struct slm_file_xattr { /* file extended attributes */
+ enum slm_iac_level iac_level; /* integrity */
+ struct slm_tsec_data guard; /* guard process information */
+};
+
+#define SLM_LSM_ID 0x999
+extern int slm_idx;
+extern int slim_enabled;
+
+struct slm_isec_data {
+ struct slm_file_xattr level;
+ spinlock_t lock;
+};
+
+static inline int is_kernel_thread(struct task_struct *tsk)
+{
+ return (!tsk->mm) ? 1 : 0;
+}
+
+extern struct slm_xattr_config *slm_parse_config(char *data,
+ unsigned long datalen,
+ int *datasize);
+
+extern int slm_init_config(void);
+
+extern __init int slm_init_secfs(void);
+extern __exit void slm_cleanup_secfs(void);
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 5/7] SLIM: make and config stuff
@ 2006-09-12 17:57 Kylene Jo Hall
2006-09-19 19:04 ` Pavel Machek
0 siblings, 1 reply; 6+ messages in thread
From: Kylene Jo Hall @ 2006-09-12 17:57 UTC (permalink / raw)
To: linux-kernel, LSM ML; +Cc: Dave Safford, Mimi Zohar, Serge Hallyn
This patch contains the Makefile, Kconfig and .h files for SLIM.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
---
security/slim/slim.h | 89 +++++++++++++++++++++++++++++++++++++++
security/Kconfig | 1
security/Makefile | 1
security/slim/Kconfig | 36 +++++++++++++++
security/slim/Makefile | 6 ++
5 files changed, 133 insertions(+)
--- linux-2.6.18-rc3/security/slim/Makefile 1969-12-31 18:00:00.000000000 -0600
+++ linux-2.6.18-rc3-working/security/slim/Makefile 2006-08-04 13:29:13.000000000 -0500
@@ -0,0 +1,6 @@
+#
+# Makefile for building the SLIM module as part of the kernel tree.
+#
+
+obj-$(CONFIG_SECURITY_SLIM) += slim.o
+slim-y := slm_main.o slm_secfs.o
--- linux-2.6.18-rc3/security/slim/Kconfig 1969-12-31 18:00:00.000000000 -0600
+++ linux-2.6.18-rc3-working/security/slim/Kconfig 2006-08-04 13:29:13.000000000 -0500
@@ -0,0 +1,36 @@
+config SECURITY_SLIM
+ boolean "SLIM support"
+ depends on SECURITY && SECURITY_NETWORK && INTEGRITY
+ help
+ The Simple Linux Integrity Module implements a modified low water-mark
+ mandatory access control integrity model.
+
+config SECURITY_SLIM_BOOTPARAM
+ bool "SLIM boot parameter"
+ depends on SECURITY_SLIM
+ default n
+ help
+ This option adds a kernel parameter 'slim', which allows SLIM
+ to be disabled at boot. If this option is selected, SLIM
+ functionality can be disabled with slim=0 on the kernel
+ command line. The purpose of this option is to allow a single
+ kernel image to be distributed with SLIM built in, but not
+ necessarily enabled.
+
+ If you are unsure how to answer this question, answer N.
+
+config SECURITY_SLIM_BOOTPARAM_VALUE
+ int "SLIM boot parameter default value"
+ depends on SECURITY_SLIM_BOOTPARAM
+ range 0 1
+ default 1
+ help
+ This option sets the default value for the kernel parameter
+ 'slim', which allows SLIM to be disabled at boot. If this
+ option is set to 0 (zero), the SLIM kernel parameter will
+ default to 0, disabling SLIM at bootup. If this option is
+ set to 1 (one), the SLIM kernel parameter will default to 1,
+ enabling SLIM at bootup.
+
+ If you are unsure how to answer this question, answer 1.
+
--- linux-2.6.18-rc3/security/Makefile 2006-07-30 01:15:36.000000000 -0500
+++ linux-2.6.18-rc3-working/security/Makefile 2006-08-01 12:21:24.000000000 -0500
@@ -3,6 +3,7 @@
#
obj-$(CONFIG_KEYS) += keys/
+obj-$(CONFIG_SECURITY_SLIM) += slim/
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
# if we don't select a security model, use the default capabilities
--- linux-2.6.18-rc3/security/Kconfig 2006-07-30 01:15:36.000000000 -0500
+++ linux-2.6.18-rc3-working/security/Kconfig 2006-08-01 12:21:24.000000000 -0500
@@ -107,5 +107,6 @@ config SECURITY_SECLVL
source security/selinux/Kconfig
+source security/slim/Kconfig
endmenu
--- linux-2.6.18/security/slim/slim.h 1969-12-31 16:00:00.000000000 -0800
+++ linux-2.6.17-working/security/slim/slim.h 2006-09-06 11:49:09.000000000 -0700
@@ -0,0 +1,89 @@
+/*
+ * slim.h - simple linux integrity module
+ *
+ * SLIM's specific model is:
+ *
+ * All objects are labeled with extended attributes to indicate:
+ * Integrity Access Class (IAC)
+ * Secrecy Access Class (SAC)
+ *
+ * All processes inherit from their parents:
+ * Integrity Read Access Class (IRAC)
+ * Integrity Write/Execute Access Class (IWXAC)
+ * Secrecy Write Access Class (SWAC)
+ * Secrecy Read/Execute Access Class (SRXAC)
+ *
+ * SLIM enforces the following Mandatory Access Control Rules:
+ * Read:
+ * IRAC(process) <= IAC(object)
+ * SRXAC(process) >= SAC(object)
+ * Write:
+ * IWXAC(process) >= IAC(object)
+ * SWAC(process) <= SAC(process)
+ * Execute:
+ * IWXAC(process) <= IAC(object)
+ * SRXAC(process) >= SAC(object)
+*/
+
+#include <linux/security.h>
+#include <linux/version.h>
+#include <linux/spinlock_types.h>
+
+struct xattr_data {
+ char *name;
+ void *value;
+ size_t len;
+};
+
+ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer,
+ size_t size);
+ssize_t generic_listxattr(struct dentry *dentry, char *buffer,
+ size_t buffer_size);
+int generic_setxattr(struct dentry *dentry, const char *name, const void *value,
+ size_t size, int flags);
+enum slm_iac_level { /* integrity access class */
+ SLM_IAC_ERROR = -2,
+ SLM_IAC_EXEMPT = -1,
+ SLM_IAC_NOTDEFINED = 0,
+ SLM_IAC_UNTRUSTED,
+ SLM_IAC_USER,
+ SLM_IAC_SYSTEM,
+ SLM_IAC_HIGHEST
+};
+extern char *slm_iac_str[];
+
+struct slm_tsec_data { /* task security data (process info) */
+ enum slm_iac_level iac_r; /* read low integrity files */
+ enum slm_iac_level iac_wx; /* ability to write/execute higher */
+ int unlimited; /* unlimited guard process */
+ struct dentry *script_dentry; /* used when filename != interp */
+ spinlock_t lock;
+};
+
+struct slm_file_xattr { /* file extended attributes */
+ enum slm_iac_level iac_level; /* integrity */
+ struct slm_tsec_data guard; /* guard process information */
+};
+
+#define SLM_LSM_ID 0x999
+extern int slm_idx;
+extern int slim_enabled;
+
+struct slm_isec_data {
+ struct slm_file_xattr level;
+ spinlock_t lock;
+};
+
+static inline int is_kernel_thread(struct task_struct *tsk)
+{
+ return (!tsk->mm) ? 1 : 0;
+}
+
+extern struct slm_xattr_config *slm_parse_config(char *data,
+ unsigned long datalen,
+ int *datasize);
+
+extern int slm_init_config(void);
+
+extern __init int slm_init_secfs(void);
+extern __exit void slm_cleanup_secfs(void);
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2006-09-19 22:35 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-08-23 19:05 [PATCH 5/7] SLIM: make and config stuff Kylene Jo Hall
2006-08-23 19:19 ` Stephen Smalley
2006-08-23 19:22 ` Kylene Jo Hall
2006-09-12 17:57 Kylene Jo Hall
2006-09-19 19:04 ` Pavel Machek
2006-09-12 17:58 Kylene Jo Hall
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).