Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 13 Jul 2019 09:35:53 +1000 (AEST)
From: James Morris <jmorris@...ei.org>
To: Salvatore Mesoraca <s.mesoraca16@...il.com>
cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
        linux-mm@...ck.org, linux-security-module@...r.kernel.org,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Brad Spengler <spender@...ecurity.net>,
        Casey Schaufler <casey@...aufler-ca.com>,
        Christoph Hellwig <hch@...radead.org>, Jann Horn <jannh@...gle.com>,
        Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH v5 03/12] S.A.R.A.: cred blob management

On Sat, 6 Jul 2019, Salvatore Mesoraca wrote:

> Creation of the S.A.R.A. cred blob management "API".
> In order to allow S.A.R.A. to be stackable with other LSMs, it doesn't use
> the "security" field of struct cred, instead it uses an ad hoc field named
> security_sara.
> This solution is probably not acceptable for upstream, so this part will
> be modified as soon as the LSM stackable cred blob management will be
> available.

This description is out of date wrt cred blob sharing.

> +	if (sara_data_init()) {
> +		pr_crit("impossible to initialize creds.\n");
> +		goto error;
> +	}
> +

> +int __init sara_data_init(void)
> +{
> +	security_add_hooks(data_hooks, ARRAY_SIZE(data_hooks), "sara");
> +	return 0;
> +}

This can't fail so make it return void and simplify the caller.



-- 
James Morris
<jmorris@...ei.org>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.