Re: [patch 0/15] lsm stacking v0.3: intro

On Wed, Jul 27, 2005 at 01:17:32PM -0500, [email protected] wrote:

Hi Serge.

A few trivial things I noticed whilst writing some internal documentation
on Stacker.  Nothing deep here, but thought I'd pass them along.

I'll try to actually try out the code next week.

I made these notes as I was going along,  lmk if you need them annotated
to the original patch and I'll go back and redo.

Thanks again

Tony


1) Documentation refers to /security/stacker/list_modules,  code refers to
   "listmodules".  list_modules is more consistent with other file names.

2) symbol_get(ops) still at the end of stacker_register.

3) struct module_entry{
        struct list_head lsm_list;  /* list of active lsms */
        struct list_head all_lsms;  /* list of active lsms */

   fix comments

4) Would it be useful to change the struct elements lsm_list and all_lsms to
   be consistent with their list heads (stacked_modules and all_modules).

5) /*
 * Workarounds for the fact that get and setprocattr are used only by
 * selinux.  (Maybe)
 */

No complaints on selinux getting to avoid the (module), they are intree.
Just a FYI that SubDomain/AppArmor uses these hooks also.

6) stop_responding control file is misnamed, as stacker still continues to work
   it just removes the virtual file system

7) Does the lsm_list really need to be at the top of the struct?  Good style
but not sure it is required (must).

8) security-stack.h
 * If stacker is compiled in, then we use the full functions as
 * defined in security/security.c.  Otherwise we use the #defines
 * here.

I noticed the conditional CONFIG_SECURITY_STACKER code went away, previously
it would look at the value chain head only for the !case. But this comment
still remains.

> Hi,
> 
> The set of patches to follow introduces support for stacking LSMs.  This
> is its third posting to lkml.  I am sending it out in the hopes of
> soliciting more widespread feedback and testing, with the obvious eventual
> goal of mainline adoption.
> 
> Any feedback from people actually using this patch is appreciated.  Even
> better would be posts of (stackable) LSMs for upstream inclusion :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [patch 0/15] lsm stacking v0.3: intro
    • From: [email protected]

• References:
  • [patch 0/15] lsm stacking v0.3: intro
    • From: [email protected]

• Prev by Date: [2.6.13 PATCH] v4l: cx88 card support and documentation finishing touches
• Next by Date: [PATCH for 2.6.13-rc4] V4L Miscelaneous fix
• Previous by thread: Re: [patch 0/15] lsm stacking v0.3: intro
• Next by thread: Re: [patch 0/15] lsm stacking v0.3: intro
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]