* [PATCH v2 01/11] LSM: fix documentation for sb_copy_data hook
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 02/11] LSM: fix documentation for the syslog hook Denis Efremov
` (13 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Eric Paris
Cc: Denis Efremov, Casey Schaufler, Eric W. Biederman, Kees Cook,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
The @type argument of the sb_copy_data hook was removed
in the commit "LSM/SELinux: Interfaces to allow FS to control
mount options" (e0007529893c). This commit removes the description
of the @type argument from the LSM documentation.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 22fc786d723a..1a01383403b3 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -111,7 +111,6 @@
* options cleanly (a filesystem may modify the data e.g. with strsep()).
* This also allows the original mount data to be stripped of security-
* specific options to avoid having to make filesystems aware of them.
- * @type the type of filesystem being mounted.
* @orig the original mount data copied from userspace.
* @copy copied data which will be passed to the security module.
* Returns 0 if the copy was successful.
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 02/11] LSM: fix documentation for the syslog hook
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
2019-02-26 20:49 ` [PATCH v2 01/11] LSM: fix documentation for sb_copy_data hook Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 03/11] LSM: fix documentation for the socket_post_create hook Denis Efremov
` (12 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Eric Paris
Cc: Denis Efremov, Casey Schaufler, Eric W. Biederman, Kees Cook,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
The syslog hook was changed in the commit
"capabilities/syslog: open code cap_syslog logic to
fix build failure" (12b3052c3ee8). The argument @from_file
was removed from the hook. This patch updates the
documentation for the syslog hook accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 1a01383403b3..3f0a0e2c5fba 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1275,8 +1275,7 @@
* Check permission before accessing the kernel message ring or changing
* logging to the console.
* See the syslog(2) manual page for an explanation of the @type values.
- * @type contains the type of action.
- * @from_file indicates the context of action (if it came from /proc).
+ * @type contains the SYSLOG_ACTION_* constant from <include/linux/syslog.h>
* Return 0 if permission is granted.
* @settime:
* Check permission to change the system time.
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 03/11] LSM: fix documentation for the socket_post_create hook
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
2019-02-26 20:49 ` [PATCH v2 01/11] LSM: fix documentation for sb_copy_data hook Denis Efremov
2019-02-26 20:49 ` [PATCH v2 02/11] LSM: fix documentation for the syslog hook Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 04/11] LSM: fix documentation for the task_setscheduler hook Denis Efremov
` (11 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Casey Schaufler
Cc: Denis Efremov, Eric W. Biederman, Eric Paris, Kees Cook,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
This patch slightly fixes the documentation for the
socket_post_create hook. The documentation states that
i_security field is accessible through inode field of socket
structure (i.e., 'sock->inode->i_security'). There is no inode
field in the socket structure. The i_security field is accessible
through SOCK_INODE macro. The patch updates the documentation
to reflect this.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 3f0a0e2c5fba..90bbc11fdc13 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -752,9 +752,9 @@
* socket structure, but rather, the socket security information is stored
* in the associated inode. Typically, the inode alloc_security hook will
* allocate and and attach security information to
- * sock->inode->i_security. This hook may be used to update the
- * sock->inode->i_security field with additional information that wasn't
- * available when the inode was allocated.
+ * SOCK_INODE(sock)->i_security. This hook may be used to update the
+ * SOCK_INODE(sock)->i_security field with additional information that
+ * wasn't available when the inode was allocated.
* @sock contains the newly created socket structure.
* @family contains the requested protocol family.
* @type contains the requested communications type.
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 04/11] LSM: fix documentation for the task_setscheduler hook
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (2 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 03/11] LSM: fix documentation for the socket_post_create hook Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 05/11] LSM: fix documentation for the socket_getpeersec_dgram hook Denis Efremov
` (10 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Kees Cook
Cc: Denis Efremov, Casey Schaufler, Eric W. Biederman, Eric Paris,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
The task_setscheduler hook was changed in the commit
"security: remove unused parameter from security_task_setscheduler()"
(b0ae19811375). The arguments @policy, @lp were removed from the hook.
This patch updates the documentation accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 90bbc11fdc13..603659fb795a 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -655,10 +655,8 @@
* Return 0 if permission is granted.
* @task_setscheduler:
* Check permission before setting scheduling policy and/or parameters of
- * process @p based on @policy and @lp.
+ * process @p.
* @p contains the task_struct for process.
- * @policy contains the scheduling policy.
- * @lp contains the scheduling parameters.
* Return 0 if permission is granted.
* @task_getscheduler:
* Check permission before obtaining scheduling information for process
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 05/11] LSM: fix documentation for the socket_getpeersec_dgram hook
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (3 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 04/11] LSM: fix documentation for the task_setscheduler hook Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 06/11] LSM: fix documentation for the path_chmod hook Denis Efremov
` (9 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Stephen Smalley
Cc: Denis Efremov, Casey Schaufler, Eric W. Biederman, Eric Paris,
Kees Cook, John Johansen, James Morris, Serge E. Hallyn,
Paul Moore, Kentaro Takeda, linux-security-module, linux-kernel
The socket_getpeersec_dgram hook was changed in the commit
"[AF_UNIX]: Kernel memory leak fix for af_unix datagram
getpeersec patch" (dc49c1f94e34). The arguments @secdata
and @seclen were changed to @sock and @secid. This patch
updates the documentation accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 603659fb795a..79011eff9795 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -857,13 +857,13 @@
* @socket_getpeersec_dgram:
* This hook allows the security module to provide peer socket security
* state for udp sockets on a per-packet basis to userspace via
- * getsockopt SO_GETPEERSEC. The application must first have indicated
- * the IP_PASSSEC option via getsockopt. It can then retrieve the
+ * getsockopt SO_GETPEERSEC. The application must first have indicated
+ * the IP_PASSSEC option via getsockopt. It can then retrieve the
* security state returned by this hook for a packet via the SCM_SECURITY
* ancillary message type.
- * @skb is the skbuff for the packet being queried
- * @secdata is a pointer to a buffer in which to copy the security data
- * @seclen is the maximum length for @secdata
+ * @sock contains the peer socket. May be NULL.
+ * @skb is the sk_buff for the packet being queried. May be NULL.
+ * @secid pointer to store the secid of the packet.
* Return 0 on success, error on failure.
* @sk_alloc_security:
* Allocate and attach a security structure to the sk->sk_security field,
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 06/11] LSM: fix documentation for the path_chmod hook
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (4 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 05/11] LSM: fix documentation for the socket_getpeersec_dgram hook Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 07/11] LSM: fix documentation for the audit_* hooks Denis Efremov
` (8 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Al Viro
Cc: Denis Efremov, Casey Schaufler, Eric W. Biederman, Eric Paris,
Kees Cook, John Johansen, James Morris, Serge E. Hallyn,
Paul Moore, Kentaro Takeda, linux-security-module, linux-kernel
The path_chmod hook was changed in the commit
"switch security_path_chmod() to struct path *" (cdcf116d44e7).
The argument @mnt was removed from the hook, @dentry was changed
to @path. This patch updates the documentation accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 79011eff9795..feedd03cbd59 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -303,10 +303,11 @@
* @new_dentry contains the dentry structure of the new link.
* Return 0 if permission is granted.
* @path_chmod:
- * Check for permission to change DAC's permission of a file or directory.
- * @dentry contains the dentry structure.
- * @mnt contains the vfsmnt structure.
- * @mode contains DAC's mode.
+ * Check for permission to change a mode of the file @path. The new
+ * mode is specified in @mode.
+ * @path contains the path structure of the file to change the mode.
+ * @mode contains the new DAC's permission, which is a bitmask of
+ * constants from <include/uapi/linux/stat.h>
* Return 0 if permission is granted.
* @path_chown:
* Check for permission to change owner/group of a file or directory.
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 07/11] LSM: fix documentation for the audit_* hooks
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (5 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 06/11] LSM: fix documentation for the path_chmod hook Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 08/11] LSM: fix documentation for the msg_queue_* hooks Denis Efremov
` (7 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Casey Schaufler
Cc: Denis Efremov, Eric W. Biederman, Eric Paris, Kees Cook,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
This patch updates the documentation for the audit_* hooks
to use the same arguments names as in the hook's declarations.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index feedd03cbd59..1d60b07f30ab 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1329,9 +1329,9 @@
* -EINVAL in case of an invalid rule.
*
* @audit_rule_known:
- * Specifies whether given @rule contains any fields related to
+ * Specifies whether given @krule contains any fields related to
* current LSM.
- * @rule contains the audit rule of interest.
+ * @krule contains the audit rule of interest.
* Return 1 in case of relation found, 0 otherwise.
*
* @audit_rule_match:
@@ -1340,14 +1340,14 @@
* @secid contains the security id in question.
* @field contains the field which relates to current LSM.
* @op contains the operator that will be used for matching.
- * @rule points to the audit rule that will be checked against.
+ * @lsmrule points to the audit rule that will be checked against.
* @actx points to the audit context associated with the check.
* Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
*
* @audit_rule_free:
* Deallocate the LSM audit rule structure previously allocated by
* audit_rule_init.
- * @rule contains the allocated rule
+ * @lsmrule contains the allocated rule.
*
* @inode_invalidate_secctx:
* Notify the security module that it must revalidate the security context
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 08/11] LSM: fix documentation for the msg_queue_* hooks
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (6 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 07/11] LSM: fix documentation for the audit_* hooks Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 09/11] LSM: fix documentation for the sem_* hooks Denis Efremov
` (6 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Eric W. Biederman
Cc: Denis Efremov, Casey Schaufler, Eric Paris, Kees Cook,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
The msg_queue_* hooks were changed in the commit
"msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue
security hooks" (d8c6e8543294). The type of the argument msq was changed
from msq_queue to kern_ipc_perm. This patch updates the documentation
for the hooks accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 38 +++++++++++++++++++-------------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 1d60b07f30ab..5deea99aec18 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1095,41 +1095,41 @@
*
* @msg_queue_alloc_security:
* Allocate and attach a security structure to the
- * msq->q_perm.security field. The security field is initialized to
+ * @perm->security field. The security field is initialized to
* NULL when the structure is first created.
- * @msq contains the message queue structure to be modified.
+ * @perm contains the IPC permissions of the message queue.
* Return 0 if operation was successful and permission is granted.
* @msg_queue_free_security:
- * Deallocate security structure for this message queue.
- * @msq contains the message queue structure to be modified.
+ * Deallocate security field @perm->security for the message queue.
+ * @perm contains the IPC permissions of the message queue.
* @msg_queue_associate:
* Check permission when a message queue is requested through the
- * msgget system call. This hook is only called when returning the
+ * msgget system call. This hook is only called when returning the
* message queue identifier for an existing message queue, not when a
* new message queue is created.
- * @msq contains the message queue to act upon.
+ * @perm contains the IPC permissions of the message queue.
* @msqflg contains the operation control flags.
* Return 0 if permission is granted.
* @msg_queue_msgctl:
* Check permission when a message control operation specified by @cmd
- * is to be performed on the message queue @msq.
- * The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO.
- * @msq contains the message queue to act upon. May be NULL.
+ * is to be performed on the message queue with permissions @perm.
+ * The @perm may be NULL, e.g. for IPC_INFO or MSG_INFO.
+ * @perm contains the IPC permissions of the msg queue. May be NULL.
* @cmd contains the operation to be performed.
* Return 0 if permission is granted.
* @msg_queue_msgsnd:
* Check permission before a message, @msg, is enqueued on the message
- * queue, @msq.
- * @msq contains the message queue to send message to.
+ * queue with permissions @perm.
+ * @perm contains the IPC permissions of the message queue.
* @msg contains the message to be enqueued.
* @msqflg contains operational flags.
* Return 0 if permission is granted.
* @msg_queue_msgrcv:
* Check permission before a message, @msg, is removed from the message
- * queue, @msq. The @target task structure contains a pointer to the
+ * queue. The @target task structure contains a pointer to the
* process that will be receiving the message (not equal to the current
* process when inline receives are being performed).
- * @msq contains the message queue to retrieve message from.
+ * @perm contains the IPC permissions of the message queue.
* @msg contains the message destination.
* @target contains the task structure for recipient process.
* @type contains the type of message requested.
@@ -1619,13 +1619,13 @@ union security_list_options {
int (*msg_msg_alloc_security)(struct msg_msg *msg);
void (*msg_msg_free_security)(struct msg_msg *msg);
- int (*msg_queue_alloc_security)(struct kern_ipc_perm *msq);
- void (*msg_queue_free_security)(struct kern_ipc_perm *msq);
- int (*msg_queue_associate)(struct kern_ipc_perm *msq, int msqflg);
- int (*msg_queue_msgctl)(struct kern_ipc_perm *msq, int cmd);
- int (*msg_queue_msgsnd)(struct kern_ipc_perm *msq, struct msg_msg *msg,
+ int (*msg_queue_alloc_security)(struct kern_ipc_perm *perm);
+ void (*msg_queue_free_security)(struct kern_ipc_perm *perm);
+ int (*msg_queue_associate)(struct kern_ipc_perm *perm, int msqflg);
+ int (*msg_queue_msgctl)(struct kern_ipc_perm *perm, int cmd);
+ int (*msg_queue_msgsnd)(struct kern_ipc_perm *perm, struct msg_msg *msg,
int msqflg);
- int (*msg_queue_msgrcv)(struct kern_ipc_perm *msq, struct msg_msg *msg,
+ int (*msg_queue_msgrcv)(struct kern_ipc_perm *perm, struct msg_msg *msg,
struct task_struct *target, long type,
int mode);
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 09/11] LSM: fix documentation for the sem_* hooks
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (7 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 08/11] LSM: fix documentation for the msg_queue_* hooks Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 10/11] LSM: fix documentation for the shm_* hooks Denis Efremov
` (5 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Eric W. Biederman
Cc: Denis Efremov, Casey Schaufler, Eric Paris, Kees Cook,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
The sem_* hooks were changed in the commit
"sem/security: Pass kern_ipc_perm not sem_array into the
sem security hooks" (aefad9593ec5). The type of the argument
sma was changed from sem_array to kern_ipc_perm. This patch
updates the documentation for the hooks accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 5deea99aec18..06fefe39a397 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1174,34 +1174,34 @@
* Security hooks for System V Semaphores
*
* @sem_alloc_security:
- * Allocate and attach a security structure to the sma->sem_perm.security
- * field. The security field is initialized to NULL when the structure is
+ * Allocate and attach a security structure to the @perm->security
+ * field. The security field is initialized to NULL when the structure is
* first created.
- * @sma contains the semaphore structure
+ * @perm contains the IPC permissions of the semaphore.
* Return 0 if operation was successful and permission is granted.
* @sem_free_security:
- * deallocate security struct for this semaphore
- * @sma contains the semaphore structure.
+ * Deallocate security structure @perm->security for the semaphore.
+ * @perm contains the IPC permissions of the semaphore.
* @sem_associate:
* Check permission when a semaphore is requested through the semget
- * system call. This hook is only called when returning the semaphore
+ * system call. This hook is only called when returning the semaphore
* identifier for an existing semaphore, not when a new one must be
* created.
- * @sma contains the semaphore structure.
+ * @perm contains the IPC permissions of the semaphore.
* @semflg contains the operation control flags.
* Return 0 if permission is granted.
* @sem_semctl:
* Check permission when a semaphore operation specified by @cmd is to be
- * performed on the semaphore @sma. The @sma may be NULL, e.g. for
+ * performed on the semaphore. The @perm may be NULL, e.g. for
* IPC_INFO or SEM_INFO.
- * @sma contains the semaphore structure. May be NULL.
+ * @perm contains the IPC permissions of the semaphore. May be NULL.
* @cmd contains the operation to be performed.
* Return 0 if permission is granted.
* @sem_semop:
* Check permissions before performing operations on members of the
- * semaphore set @sma. If the @alter flag is nonzero, the semaphore set
+ * semaphore set. If the @alter flag is nonzero, the semaphore set
* may be modified.
- * @sma contains the semaphore structure.
+ * @perm contains the IPC permissions of the semaphore.
* @sops contains the operations to perform.
* @nsops contains the number of operations to perform.
* @alter contains the flag indicating whether changes are to be made.
@@ -1636,11 +1636,11 @@ union security_list_options {
int (*shm_shmat)(struct kern_ipc_perm *shp, char __user *shmaddr,
int shmflg);
- int (*sem_alloc_security)(struct kern_ipc_perm *sma);
- void (*sem_free_security)(struct kern_ipc_perm *sma);
- int (*sem_associate)(struct kern_ipc_perm *sma, int semflg);
- int (*sem_semctl)(struct kern_ipc_perm *sma, int cmd);
- int (*sem_semop)(struct kern_ipc_perm *sma, struct sembuf *sops,
+ int (*sem_alloc_security)(struct kern_ipc_perm *perm);
+ void (*sem_free_security)(struct kern_ipc_perm *perm);
+ int (*sem_associate)(struct kern_ipc_perm *perm, int semflg);
+ int (*sem_semctl)(struct kern_ipc_perm *perm, int cmd);
+ int (*sem_semop)(struct kern_ipc_perm *perm, struct sembuf *sops,
unsigned nsops, int alter);
int (*netlink_send)(struct sock *sk, struct sk_buff *skb);
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 10/11] LSM: fix documentation for the shm_* hooks
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (8 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 09/11] LSM: fix documentation for the sem_* hooks Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 20:49 ` [PATCH v2 11/11] LSM: lsm_hooks.h: fix documentation format Denis Efremov
` (4 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Eric W. Biederman
Cc: Denis Efremov, Casey Schaufler, Eric Paris, Kees Cook,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
The shm_* hooks were changed in the commit
"shm/security: Pass kern_ipc_perm not shmid_kernel into the
shm security hooks" (7191adff2a55). The type of the argument
shp was changed from shmid_kernel to kern_ipc_perm. This patch
updates the documentation for the hooks accordingly.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 06fefe39a397..f4a168c5e85c 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1139,34 +1139,34 @@
* Security hooks for System V Shared Memory Segments
*
* @shm_alloc_security:
- * Allocate and attach a security structure to the shp->shm_perm.security
- * field. The security field is initialized to NULL when the structure is
+ * Allocate and attach a security structure to the @perm->security
+ * field. The security field is initialized to NULL when the structure is
* first created.
- * @shp contains the shared memory structure to be modified.
+ * @perm contains the IPC permissions of the shared memory structure.
* Return 0 if operation was successful and permission is granted.
* @shm_free_security:
- * Deallocate the security struct for this memory segment.
- * @shp contains the shared memory structure to be modified.
+ * Deallocate the security structure @perm->security for the memory segment.
+ * @perm contains the IPC permissions of the shared memory structure.
* @shm_associate:
* Check permission when a shared memory region is requested through the
- * shmget system call. This hook is only called when returning the shared
+ * shmget system call. This hook is only called when returning the shared
* memory region identifier for an existing region, not when a new shared
* memory region is created.
- * @shp contains the shared memory structure to be modified.
+ * @perm contains the IPC permissions of the shared memory structure.
* @shmflg contains the operation control flags.
* Return 0 if permission is granted.
* @shm_shmctl:
* Check permission when a shared memory control operation specified by
- * @cmd is to be performed on the shared memory region @shp.
- * The @shp may be NULL, e.g. for IPC_INFO or SHM_INFO.
- * @shp contains shared memory structure to be modified.
+ * @cmd is to be performed on the shared memory region with permissions @perm.
+ * The @perm may be NULL, e.g. for IPC_INFO or SHM_INFO.
+ * @perm contains the IPC permissions of the shared memory structure.
* @cmd contains the operation to be performed.
* Return 0 if permission is granted.
* @shm_shmat:
* Check permissions prior to allowing the shmat system call to attach the
- * shared memory segment @shp to the data segment of the calling process.
- * The attaching address is specified by @shmaddr.
- * @shp contains the shared memory structure to be modified.
+ * shared memory segment with permissions @perm to the data segment of the
+ * calling process. The attaching address is specified by @shmaddr.
+ * @perm contains the IPC permissions of the shared memory structure.
* @shmaddr contains the address to attach memory region to.
* @shmflg contains the operational flags.
* Return 0 if permission is granted.
@@ -1629,11 +1629,11 @@ union security_list_options {
struct task_struct *target, long type,
int mode);
- int (*shm_alloc_security)(struct kern_ipc_perm *shp);
- void (*shm_free_security)(struct kern_ipc_perm *shp);
- int (*shm_associate)(struct kern_ipc_perm *shp, int shmflg);
- int (*shm_shmctl)(struct kern_ipc_perm *shp, int cmd);
- int (*shm_shmat)(struct kern_ipc_perm *shp, char __user *shmaddr,
+ int (*shm_alloc_security)(struct kern_ipc_perm *perm);
+ void (*shm_free_security)(struct kern_ipc_perm *perm);
+ int (*shm_associate)(struct kern_ipc_perm *perm, int shmflg);
+ int (*shm_shmctl)(struct kern_ipc_perm *perm, int cmd);
+ int (*shm_shmat)(struct kern_ipc_perm *perm, char __user *shmaddr,
int shmflg);
int (*sem_alloc_security)(struct kern_ipc_perm *perm);
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v2 11/11] LSM: lsm_hooks.h: fix documentation format
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (9 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 10/11] LSM: fix documentation for the shm_* hooks Denis Efremov
@ 2019-02-26 20:49 ` Denis Efremov
2019-02-26 23:34 ` [PATCH v2 00/11] LSM documentation update Casey Schaufler
` (3 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Denis Efremov @ 2019-02-26 20:49 UTC (permalink / raw)
To: Kees Cook
Cc: Denis Efremov, Casey Schaufler, Eric W. Biederman, Eric Paris,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel
Fix for name mismatch and omitted colons in the
security_list_options documentation.
Signed-off-by: Denis Efremov <efremov@ispras.ru>
---
include/linux/lsm_hooks.h | 23 +++++++++--------------
1 file changed, 9 insertions(+), 14 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index f4a168c5e85c..bc5a2dc267d8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -486,7 +486,7 @@
* Return 0 if permission is granted.
* @file_lock:
* Check permission before performing file locking operations.
- * Note: this hook mediates both flock and fcntl style locks.
+ * Note the hook mediates both flock and fcntl style locks.
* @file contains the file structure.
* @cmd contains the posix-translated lock operation to perform
* (e.g. F_RDLCK, F_WRLCK).
@@ -629,12 +629,12 @@
* @p contains the task_struct of process.
* @nice contains the new nice value.
* Return 0 if permission is granted.
- * @task_setioprio
+ * @task_setioprio:
* Check permission before setting the ioprio value of @p to @ioprio.
* @p contains the task_struct of process.
* @ioprio contains the new ioprio value
* Return 0 if permission is granted.
- * @task_getioprio
+ * @task_getioprio:
* Check permission before getting the ioprio value of @p.
* @p contains the task_struct of process.
* Return 0 if permission is granted.
@@ -664,7 +664,7 @@
* @p.
* @p contains the task_struct for process.
* Return 0 if permission is granted.
- * @task_movememory
+ * @task_movememory:
* Check permission before moving memory owned by process @p.
* @p contains the task_struct for process.
* Return 0 if permission is granted.
@@ -888,9 +888,9 @@
* @secmark_relabel_packet:
* check if the process should be allowed to relabel packets to
* the given secid
- * @security_secmark_refcount_inc
+ * @secmark_refcount_inc:
* tells the LSM to increment the number of secmark labeling rules loaded
- * @security_secmark_refcount_dec
+ * @secmark_refcount_dec:
* tells the LSM to decrement the number of secmark labeling rules loaded
* @req_classify_flow:
* Sets the flow's sid to the openreq sid.
@@ -1278,8 +1278,8 @@
* Return 0 if permission is granted.
* @settime:
* Check permission to change the system time.
- * struct timespec64 is defined in include/linux/time64.h and timezone
- * is defined in include/linux/time.h
+ * struct timespec64 is defined in <include/linux/time64.h> and timezone
+ * is defined in <include/linux/time.h>
* @ts contains new time
* @tz contains new timezone
* Return 0 if permission is granted.
@@ -1321,7 +1321,7 @@
* @audit_rule_init:
* Allocate and initialize an LSM audit rule structure.
* @field contains the required Audit action.
- * Fields flags are defined in include/linux/audit.h
+ * Fields flags are defined in <include/linux/audit.h>
* @op contains the operator the rule uses.
* @rulestr contains the context where the rule will be applied to.
* @lsmrule contains a pointer to receive the result.
@@ -1360,9 +1360,7 @@
* this hook to initialize the security context in its incore inode to the
* value provided by the server for the file when the server returned the
* file's attributes to the client.
- *
* Must be called with inode->i_mutex locked.
- *
* @inode we wish to set the security context of.
* @ctx contains the string which we wish to set in the inode.
* @ctxlen contains the length of @ctx.
@@ -1375,9 +1373,7 @@
* this hook to change the security context in its incore inode and on the
* backing filesystem to a value provided by the client on a SETATTR
* operation.
- *
* Must be called with inode->i_mutex locked.
- *
* @dentry contains the inode we wish to set the security context of.
* @ctx contains the string which we wish to set in the inode.
* @ctxlen contains the length of @ctx.
@@ -1385,7 +1381,6 @@
* @inode_getsecctx:
* On success, returns 0 and fills out @ctx and @ctxlen with the security
* context for the given @inode.
- *
* @inode we wish to get the security context of.
* @ctx is a pointer in which to place the allocated security context.
* @ctxlen points to the place to put the length of @ctx.
--
2.17.2
^ permalink raw reply related [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (10 preceding siblings ...)
2019-02-26 20:49 ` [PATCH v2 11/11] LSM: lsm_hooks.h: fix documentation format Denis Efremov
@ 2019-02-26 23:34 ` Casey Schaufler
2019-02-27 0:09 ` Kees Cook
` (2 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Casey Schaufler @ 2019-02-26 23:34 UTC (permalink / raw)
To: Denis Efremov, Kees Cook
Cc: Eric W. Biederman, Eric Paris, John Johansen, James Morris,
Serge E. Hallyn, Paul Moore, Kentaro Takeda,
linux-security-module, linux-kernel, casey
On 2/26/2019 12:49 PM, Denis Efremov wrote:
> Recent "New LSM Hooks" discussion has led me to the
> thought that it might be a good idea to slightly
> update the current documentation. The patchset adds
> nothing new to the documentation, only fixes the old
> description of hooks to reflect their current state.
>
> V2 adds the clarification on arguments for some hooks.
> The format of the documentation is also slightly updated
> for better html. However, there are still 10 hooks without
> documentation at all. I think that this should be fixed
> separatedly.
>
> Denis Efremov (11):
> LSM: fix documentation for sb_copy_data hook
> LSM: fix documentation for the syslog hook
> LSM: fix documentation for the socket_post_create hook
> LSM: fix documentation for the task_setscheduler hook
> LSM: fix documentation for the socket_getpeersec_dgram hook
> LSM: fix documentation for the path_chmod hook
> LSM: fix documentation for the audit_* hooks
> LSM: fix documentation for the msg_queue_* hooks
> LSM: fix documentation for the sem_* hooks
> LSM: fix documentation for the shm_* hooks
> LSM: lsm_hooks.h: fix documentation format
>
> include/linux/lsm_hooks.h | 170 ++++++++++++++++++--------------------
> 1 file changed, 81 insertions(+), 89 deletions(-)
You can mark the series
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (11 preceding siblings ...)
2019-02-26 23:34 ` [PATCH v2 00/11] LSM documentation update Casey Schaufler
@ 2019-02-27 0:09 ` Kees Cook
2019-02-27 15:10 ` Denis Efremov
2019-03-26 14:38 ` Denis Efremov
2019-03-27 2:22 ` James Morris
14 siblings, 1 reply; 20+ messages in thread
From: Kees Cook @ 2019-02-27 0:09 UTC (permalink / raw)
To: Denis Efremov
Cc: Casey Schaufler, Eric W. Biederman, Eric Paris, John Johansen,
James Morris, Serge E. Hallyn, Paul Moore, Kentaro Takeda,
linux-security-module, LKML, Jonathan Corbet,
open list:DOCUMENTATION
On Tue, Feb 26, 2019 at 12:49 PM Denis Efremov <efremov@ispras.ru> wrote:
> Recent "New LSM Hooks" discussion has led me to the
> thought that it might be a good idea to slightly
> update the current documentation. The patchset adds
> nothing new to the documentation, only fixes the old
> description of hooks to reflect their current state.
>
> V2 adds the clarification on arguments for some hooks.
> The format of the documentation is also slightly updated
> for better html. However, there are still 10 hooks without
> documentation at all. I think that this should be fixed
> separatedly.
>
> Denis Efremov (11):
> LSM: fix documentation for sb_copy_data hook
> LSM: fix documentation for the syslog hook
> LSM: fix documentation for the socket_post_create hook
> LSM: fix documentation for the task_setscheduler hook
> LSM: fix documentation for the socket_getpeersec_dgram hook
> LSM: fix documentation for the path_chmod hook
> LSM: fix documentation for the audit_* hooks
> LSM: fix documentation for the msg_queue_* hooks
> LSM: fix documentation for the sem_* hooks
> LSM: fix documentation for the shm_* hooks
> LSM: lsm_hooks.h: fix documentation format
>
> include/linux/lsm_hooks.h | 170 ++++++++++++++++++--------------------
> 1 file changed, 81 insertions(+), 89 deletions(-)
Awesome; thanks! This fixes several warnings in "make htmldocs":
./include/linux/lsm_hooks.h:1783: warning: Function parameter or
member 'task_setioprio' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1783: warning: Function parameter or
member 'task_getioprio' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1783: warning: Function parameter or
member 'task_movememory' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1783: warning: Function parameter or
member 'secmark_refcount_inc' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1783: warning: Function parameter or
member 'secmark_refcount_dec' not described in 'security_list_options'
So, for the series:
Acked-by: Kees Cook <keescook@chromium.org>
If you want more work, I do notice the following warnings are still present:
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'quotactl' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'quota_on' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'sb_free_mnt_opts' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'sb_eat_lsm_opts' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'sb_kern_mount' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'sb_show_options' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'sb_add_mnt_opt' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'd_instantiate' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'getprocattr' not described in 'security_list_options'
./include/linux/lsm_hooks.h:1775: warning: Function parameter or
member 'setprocattr' not described in 'security_list_options'
:)
--
Kees Cook
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-02-27 0:09 ` Kees Cook
@ 2019-02-27 15:10 ` Denis Efremov
2019-02-27 16:27 ` Kees Cook
0 siblings, 1 reply; 20+ messages in thread
From: Denis Efremov @ 2019-02-27 15:10 UTC (permalink / raw)
To: Kees Cook
Cc: Casey Schaufler, Eric W. Biederman, Eric Paris, John Johansen,
James Morris, Serge E. Hallyn, Paul Moore, Kentaro Takeda,
linux-security-module, LKML, Jonathan Corbet,
open list:DOCUMENTATION
The rest of the warnings are about undocumented hooks. This patchset
fixes the existing documentation. I will try to document the hooks from
warnings in a separate patch. Some of the hooks are trivial enough, but
others require me digging into the code and mailing lists. Can't promise
to do it quickly.
27.02.2019 1:09, Kees Cook пишет:
> If you want more work, I do notice the following warnings are still present:
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-02-27 15:10 ` Denis Efremov
@ 2019-02-27 16:27 ` Kees Cook
0 siblings, 0 replies; 20+ messages in thread
From: Kees Cook @ 2019-02-27 16:27 UTC (permalink / raw)
To: Denis Efremov
Cc: Casey Schaufler, Eric W. Biederman, Eric Paris, John Johansen,
James Morris, Serge E. Hallyn, Paul Moore, Kentaro Takeda,
linux-security-module, LKML, Jonathan Corbet,
open list:DOCUMENTATION
On Wed, Feb 27, 2019 at 7:10 AM Denis Efremov <efremov@ispras.ru> wrote:
> The rest of the warnings are about undocumented hooks. This patchset
> fixes the existing documentation. I will try to document the hooks from
> warnings in a separate patch. Some of the hooks are trivial enough, but
> others require me digging into the code and mailing lists. Can't promise
> to do it quickly.
No worries! What you've added already helps a lot. :)
--
Kees Cook
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (12 preceding siblings ...)
2019-02-27 0:09 ` Kees Cook
@ 2019-03-26 14:38 ` Denis Efremov
2019-03-26 14:53 ` Jonathan Corbet
2019-03-27 2:22 ` James Morris
14 siblings, 1 reply; 20+ messages in thread
From: Denis Efremov @ 2019-03-26 14:38 UTC (permalink / raw)
To: Jonathan Corbet
Cc: Casey Schaufler, Kees Cook, Eric W. Biederman, Eric Paris,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel,
open list:DOCUMENTATION
Is there something more I could do so that these changes are accepted?
At least this patchset fixes the documentation format for better html
generation.
Denis
26.02.2019 21:49, Denis Efremov пишет:
> Recent "New LSM Hooks" discussion has led me to the
> thought that it might be a good idea to slightly
> update the current documentation. The patchset adds
> nothing new to the documentation, only fixes the old
> description of hooks to reflect their current state.
>
> V2 adds the clarification on arguments for some hooks.
> The format of the documentation is also slightly updated
> for better html. However, there are still 10 hooks without
> documentation at all. I think that this should be fixed
> separatedly.
>
> Denis Efremov (11):
> LSM: fix documentation for sb_copy_data hook
> LSM: fix documentation for the syslog hook
> LSM: fix documentation for the socket_post_create hook
> LSM: fix documentation for the task_setscheduler hook
> LSM: fix documentation for the socket_getpeersec_dgram hook
> LSM: fix documentation for the path_chmod hook
> LSM: fix documentation for the audit_* hooks
> LSM: fix documentation for the msg_queue_* hooks
> LSM: fix documentation for the sem_* hooks
> LSM: fix documentation for the shm_* hooks
> LSM: lsm_hooks.h: fix documentation format
>
> include/linux/lsm_hooks.h | 170 ++++++++++++++++++--------------------
> 1 file changed, 81 insertions(+), 89 deletions(-)
>
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-03-26 14:38 ` Denis Efremov
@ 2019-03-26 14:53 ` Jonathan Corbet
2019-03-26 18:16 ` James Morris
0 siblings, 1 reply; 20+ messages in thread
From: Jonathan Corbet @ 2019-03-26 14:53 UTC (permalink / raw)
To: Denis Efremov
Cc: Casey Schaufler, Kees Cook, Eric W. Biederman, Eric Paris,
John Johansen, James Morris, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel,
open list:DOCUMENTATION
On Tue, 26 Mar 2019 15:38:21 +0100
Denis Efremov <efremov@ispras.ru> wrote:
> Is there something more I could do so that these changes are accepted?
> At least this patchset fixes the documentation format for better html
> generation.
I had assumed that this would go through the security tree, but can
certainly pick it up if that works better.
jon
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-03-26 14:53 ` Jonathan Corbet
@ 2019-03-26 18:16 ` James Morris
0 siblings, 0 replies; 20+ messages in thread
From: James Morris @ 2019-03-26 18:16 UTC (permalink / raw)
To: Jonathan Corbet
Cc: Denis Efremov, Casey Schaufler, Kees Cook, Eric W. Biederman,
Eric Paris, John Johansen, Serge E. Hallyn, Paul Moore,
Kentaro Takeda, linux-security-module, linux-kernel,
open list:DOCUMENTATION
On Tue, 26 Mar 2019, Jonathan Corbet wrote:
> On Tue, 26 Mar 2019 15:38:21 +0100
> Denis Efremov <efremov@ispras.ru> wrote:
>
> > Is there something more I could do so that these changes are accepted?
> > At least this patchset fixes the documentation format for better html
> > generation.
>
> I had assumed that this would go through the security tree, but can
> certainly pick it up if that works better.
I'll take them for 5.2.
>
> jon
>
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 00/11] LSM documentation update
2019-02-26 20:49 [PATCH v2 00/11] LSM documentation update Denis Efremov
` (13 preceding siblings ...)
2019-03-26 14:38 ` Denis Efremov
@ 2019-03-27 2:22 ` James Morris
14 siblings, 0 replies; 20+ messages in thread
From: James Morris @ 2019-03-27 2:22 UTC (permalink / raw)
To: Denis Efremov
Cc: Casey Schaufler, Kees Cook, Eric W. Biederman, Eric Paris,
John Johansen, Serge E. Hallyn, Paul Moore, Kentaro Takeda,
linux-security-module, linux-kernel
On Tue, 26 Feb 2019, Denis Efremov wrote:
> Recent "New LSM Hooks" discussion has led me to the
> thought that it might be a good idea to slightly
> update the current documentation. The patchset adds
> nothing new to the documentation, only fixes the old
> description of hooks to reflect their current state.
>
> V2 adds the clarification on arguments for some hooks.
> The format of the documentation is also slightly updated
> for better html. However, there are still 10 hooks without
> documentation at all. I think that this should be fixed
> separatedly.
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general
Thanks!
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 20+ messages in thread