From: serue@us.ibm.com
To: lkml <linux-kernel@vger.kernel.org>
Cc: Chris Wright <chrisw@osdl.org>,
Stephen Smalley <sds@epoch.ncsc.mil>,
James Morris <jmorris@redhat.com>, Andrew Morton <akpm@osdl.org>,
Michael Halcrow <mhalcrow@us.ibm.com>,
David Safford <safford@watson.ibm.com>,
Reiner Sailer <sailer@us.ibm.com>,
Gerrit Huizenga <gerrit@us.ibm.com>
Subject: [patch 7/12] lsm stacking v0.2: selinux: update security structs
Date: Thu, 30 Jun 2005 14:52:29 -0500 [thread overview]
Message-ID: <20050630195229.GG23538@serge.austin.ibm.com> (raw)
In-Reply-To: <20050630194458.GA23439@serge.austin.ibm.com>
Add the struct security_list lsm_list; to each structure which SELinux will be
appending to a kernel object.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
---
objsec.h | 19 +++++++++++--------
1 files changed, 11 insertions(+), 8 deletions(-)
Index: linux-2.6.13-rc1/security/selinux/include/objsec.h
===================================================================
--- linux-2.6.13-rc1.orig/security/selinux/include/objsec.h 2005-06-30 15:32:49.000000000 -0500
+++ linux-2.6.13-rc1/security/selinux/include/objsec.h 2005-06-30 15:33:47.000000000 -0500
@@ -23,11 +23,14 @@
#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/in.h>
+#include <linux/security.h>
#include "flask.h"
#include "avc.h"
+#define SELINUX_LSM_ID 0xB65
+
struct task_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct task_struct *task; /* back pointer to task object */
u32 osid; /* SID prior to last execve */
u32 sid; /* current SID */
@@ -37,7 +40,7 @@ struct task_security_struct {
};
struct inode_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct inode *inode; /* back pointer to inode object */
struct list_head list; /* list of inode_security_struct */
u32 task_sid; /* SID of creating task */
@@ -49,14 +52,14 @@ struct inode_security_struct {
};
struct file_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct file *file; /* back pointer to file object */
u32 sid; /* SID of open file description */
u32 fown_sid; /* SID of file owner (for SIGIO) */
};
struct superblock_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct super_block *sb; /* back pointer to sb object */
struct list_head list; /* list of superblock_security_struct */
u32 sid; /* SID of file system */
@@ -70,20 +73,20 @@ struct superblock_security_struct {
};
struct msg_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct msg_msg *msg; /* back pointer */
u32 sid; /* SID of message */
};
struct ipc_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct kern_ipc_perm *ipc_perm; /* back pointer */
u16 sclass; /* security class of this object */
u32 sid; /* SID of IPC resource */
};
struct bprm_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct linux_binprm *bprm; /* back pointer to bprm object */
u32 sid; /* SID for transformed process */
unsigned char set;
@@ -102,7 +105,7 @@ struct netif_security_struct {
};
struct sk_security_struct {
- unsigned long magic; /* magic number for this module */
+ struct security_list lsm_list; /* chained security objects */
struct sock *sk; /* back pointer to sk object */
u32 peer_sid; /* SID of peer */
};
next prev parent reply other threads:[~2005-06-30 20:02 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-30 19:44 [patch 0/12] lsm stacking v0.2: intro serue
2005-06-30 19:48 ` [patch 1/12] lsm stacking v0.2: don't default to dummy_##hook serue
2005-06-30 19:48 ` [patch 2/12] lsm stacking v0.2: replace void* security with hlist serue
2005-06-30 19:49 ` [patch 3/12] lsm stacking v0.2: introduce security_*_value API serue
2005-06-30 19:49 ` [patch 4/12] lsm stacking v0.2: stacker documentation serue
2005-06-30 19:50 ` [patch 5/12] lsm stacking v0.2: actual stacker module serue
2005-07-01 2:32 ` James Morris
2005-07-01 19:24 ` serge
2005-07-01 20:35 ` Greg KH
2005-07-03 0:24 ` serge
2005-07-03 18:25 ` Tony Jones
2005-07-03 18:53 ` James Morris
2005-07-03 19:09 ` Tony Jones
2005-07-03 20:44 ` [PATCH] securityfs Greg KH
2005-07-04 12:39 ` serge
2005-07-04 15:53 ` serge
2005-07-05 6:07 ` Greg KH
2005-07-06 12:25 ` serge
2005-07-06 6:52 ` James Morris
2005-07-06 7:04 ` Greg KH
2005-07-06 12:29 ` Stephen Smalley
2005-07-06 15:35 ` James Morris
2005-07-06 16:06 ` Stephen Smalley
2005-07-06 16:16 ` Greg KH
2005-07-06 18:01 ` Chris Wright
2005-07-06 22:08 ` serue
2005-07-06 22:22 ` Greg KH
2005-07-06 23:32 ` serge
2005-07-07 17:30 ` serge
2005-07-07 17:48 ` Greg KH
2005-07-07 18:27 ` serue
2005-07-07 22:46 ` serge
2005-07-07 23:06 ` Greg KH
2005-07-07 23:12 ` serue
2005-07-08 20:44 ` serue
2005-07-08 20:49 ` Greg KH
2005-07-08 21:03 ` Chris Wright
2005-07-04 3:18 ` [patch 5/12] lsm stacking v0.2: actual stacker module Tony Jones
2005-07-04 11:51 ` serge
2005-07-04 19:37 ` Tony Jones
2005-07-04 20:06 ` serge
2005-07-04 20:41 ` Tony Jones
2005-07-05 18:17 ` serge
2005-07-08 21:43 ` serue
2005-07-08 22:12 ` serue
2005-07-11 14:40 ` Stephen Smalley
2005-07-11 17:51 ` serue
2005-07-11 19:03 ` Stephen Smalley
2005-07-13 16:39 ` serue
2005-07-13 18:27 ` serue
2005-06-30 19:51 ` [patch 6/12] lsm stacking v0.2: stackable capability lsm serue
2005-06-30 19:52 ` serue [this message]
2005-06-30 19:53 ` [patch 8/12] lsm stacking v0.2: selinux: use security_*_value API serue
2005-06-30 19:53 ` [patch 9/12] lsm stacking v0.2: selinux: remove secondary support serue
2005-06-30 19:54 ` [patch 10/12] lsm stacking v0.2: hook completeness verification serue
2005-06-30 19:55 ` [patch 11/12] lsm stacking v0.2: /proc/$$/attr/ sharing serue
2005-06-30 19:55 ` [patch 12/12] lsm stacking v0.2: update seclvl for stacking serue
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050630195229.GG23538@serge.austin.ibm.com \
--to=serue@us.ibm.com \
--cc=akpm@osdl.org \
--cc=chrisw@osdl.org \
--cc=gerrit@us.ibm.com \
--cc=jmorris@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhalcrow@us.ibm.com \
--cc=safford@watson.ibm.com \
--cc=sailer@us.ibm.com \
--cc=sds@epoch.ncsc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).