Re: [patch 0/15] lsm stacking v0.3: intro

On Wed, Jul 27, 2005 at 01:17:32PM -0500, [email protected] wrote:

Hi Serge.

A few trivial things I noticed whilst writing some internal documentation
on Stacker.  Nothing deep here, but thought I'd pass them along.

I'll try to actually try out the code next week.

I made these notes as I was going along,  lmk if you need them annotated
to the original patch and I'll go back and redo.

Thanks again

Tony

1) Documentation refers to /security/stacker/list_modules,  code refers to
   "listmodules".  list_modules is more consistent with other file names.

2) symbol_get(ops) still at the end of stacker_register.

3) struct module_entry{
        struct list_head lsm_list;  /* list of active lsms */
        struct list_head all_lsms;  /* list of active lsms */

   fix comments

4) Would it be useful to change the struct elements lsm_list and all_lsms to
   be consistent with their list heads (stacked_modules and all_modules).

5) /*
 * Workarounds for the fact that get and setprocattr are used only by
 * selinux.  (Maybe)
 */

No complaints on selinux getting to avoid the (module), they are intree.
Just a FYI that SubDomain/AppArmor uses these hooks also.

6) stop_responding control file is misnamed, as stacker still continues to work
   it just removes the virtual file system

7) Does the lsm_list really need to be at the top of the struct?  Good style
but not sure it is required (must).

8) security-stack.h
 * If stacker is compiled in, then we use the full functions as
 * defined in security/security.c.  Otherwise we use the #defines
 * here.

I noticed the conditional CONFIG_SECURITY_STACKER code went away, previously
it would look at the value chain head only for the !case. But this comment
still remains.

> Hi,
> 
> The set of patches to follow introduces support for stacking LSMs.  This
> is its third posting to lkml.  I am sending it out in the hopes of
> soliciting more widespread feedback and testing, with the obvious eventual
> goal of mainline adoption.
> 
> Any feedback from people actually using this patch is appreciated.  Even
> better would be posts of (stackable) LSMs for upstream inclusion :)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [patch 0/15] lsm stacking v0.3: intro
  - From: [email protected]

References:
- [patch 0/15] lsm stacking v0.3: intro
  - From: [email protected]

Prev by Date: [2.6.13 PATCH] v4l: cx88 card support and documentation finishing touches
Next by Date: [PATCH for 2.6.13-rc4] V4L Miscelaneous fix
Previous by thread: Re: [patch 0/15] lsm stacking v0.3: intro
Next by thread: Re: [patch 0/15] lsm stacking v0.3: intro
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind]