![]() |
|
Message-ID: <CAJHCu1+35GhGJY8jDMPEU8meYhJTVgvzY5sJgVCuLrxCoGgHEg@mail.gmail.com> Date: Sun, 7 Jul 2019 18:01:31 +0200 From: Salvatore Mesoraca <s.mesoraca16@...il.com> To: Jann Horn <jannh@...gle.com> Cc: kernel list <linux-kernel@...r.kernel.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, Linux-MM <linux-mm@...ck.org>, linux-security-module <linux-security-module@...r.kernel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Brad Spengler <spender@...ecurity.net>, Casey Schaufler <casey@...aufler-ca.com>, Christoph Hellwig <hch@...radead.org>, Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>, "Serge E. Hallyn" <serge@...lyn.com>, Thomas Gleixner <tglx@...utronix.de>, James Morris <jmorris@...ei.org>, John Johansen <john.johansen@...onical.com> Subject: Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching Jann Horn <jannh@...gle.com> wrote: > > On Sat, Jul 6, 2019 at 12:55 PM Salvatore Mesoraca > <s.mesoraca16@...il.com> wrote: > > Creation of a generic Discrete Finite Automata implementation > > for string matching. The transition tables have to be produced > > in user-space. > > This allows us to possibly support advanced string matching > > patterns like regular expressions, but they need to be supported > > by user-space tools. > > AppArmor already has a DFA implementation that takes a DFA machine > from userspace and runs it against file paths; see e.g. > aa_dfa_match(). Did you look into whether you could move their DFA to > some place like lib/ and reuse it instead of adding yet another > generic rule interface to the kernel? Yes, using AppArmor DFA cloud be a possibility. Though, I didn't know how AppArmor's maintainers feel about this. I thought that was easier to just implement my own. Anyway I understand that re-using that code would be the optimal solution. I'm adding in CC AppArmor's maintainers, let's see what they think about this. > > +++ b/security/sara/dfa.c > > @@ -0,0 +1,335 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > + > > +/* > > + * S.A.R.A. Linux Security Module > > + * > > + * Copyright (C) 2017 Salvatore Mesoraca <s.mesoraca16@...il.com> > > + * > > + * This program is free software; you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License version 2, as > > + * published by the Free Software Foundation. > > Throughout the series, you are adding files that both add an SPDX > identifier and have a description of the license in the comment block > at the top. The SPDX identifier already identifies the license. I added the license description because I thought it was required anyway. IANAL, if you tell me that SPDX it's enough I'll remove the description. Thank you for your comments.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.