From: Sargun Dhillon <sargun@sargun.me>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: LSM <linux-security-module@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>,
James Morris <jmorris@namei.org>,
Peter Dolding <oiaohm@gmail.com>,
Igor Stoppa <igor.stoppa@huawei.com>
Subject: Re: [PATCH v5 1/1] security: Add mechanism to safely (un)load LSMs after boot time
Date: Sun, 8 Apr 2018 21:21:41 -0700 [thread overview]
Message-ID: <CAMp4zn8GOFk9EKCS9JaEsKayDZ+pLFORWBRHPaCCsN--EyvFVg@mail.gmail.com> (raw)
In-Reply-To: <201804090338.w393crfv005435@www262.sakura.ne.jp>
On Sun, Apr 8, 2018 at 8:38 PM, Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
> Suggested changes on top of your patch:
>
> Replace "struct hlist_head *head" in "struct security_hook_list" with
> "const unsigned int offset" because there is no need to initialize with
> address of the immutable/mutable chains.
>
> Remove LSM_HOOK_INIT_MUTABLE() by embedding just offset (in bytes) from
> head of "struct security_hook_heads" into "struct security_hook_list"->offset.
>
> Make "struct security_hook_heads security_hook_heads" and
> "struct security_hook_heads security_hook_heads_mutable" local variables.
>
> Rename "struct security_hook_heads security_hook_heads" to
> "struct security_hook_heads security_mutable_hook_heads" and mark it as
> __ro_after_init.
>
> Add the fourth argument to security_add_hooks() which specifies to which
> chain (security_{mutable|immutable}_hook_heads) to connect.
>
> Make all built-in LSM modules (except SELinux if
> CONFIG_SECURITY_SELINUX_DISABLE=y) be connected to
> security_immutable_hook_heads.
>
> Rename __lsm_ro_after_init to __selinux_ro_after_init which is local to
> SELinux.
>
> Mark "struct security_hook_list"->hook const because it won't change.
>
> Mark "struct security_hook_list"->lsm const because none of
> security_add_hooks() callers are ready to modify the third argument.
>
> Remove SECURITY_HOOK_COUNT and "struct security_hook_list"->owner and
> the exception in randomize_layout_plugin.c because preventing module
> unloading won't work as expected.
>
Rather than completely removing the unloading code, might it make
sense to add a BUG_ON or WARN_ON, in security_delete_hooks if
allow_unload_module is false, and owner is not NULL?
next prev parent reply other threads:[~2018-04-09 4:22 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-08 6:59 [PATCH v5 1/1] security: Add mechanism to safely (un)load LSMs after boot time Sargun Dhillon
2018-04-09 3:38 ` Tetsuo Handa
2018-04-09 4:21 ` Sargun Dhillon [this message]
2018-04-09 5:25 ` Tetsuo Handa
2018-04-10 21:24 ` Sargun Dhillon
2018-04-11 14:17 ` Stephen Smalley
2018-04-11 21:36 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMp4zn8GOFk9EKCS9JaEsKayDZ+pLFORWBRHPaCCsN--EyvFVg@mail.gmail.com \
--to=sargun@sargun.me \
--cc=casey@schaufler-ca.com \
--cc=igor.stoppa@huawei.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=oiaohm@gmail.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).