qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Centos-kernel-stream-9/security/loadpin
History
Ondrej Mosnacek a595368cfb
LSM: Identify modules by more than name 
JIRA: https://issues.redhat.com/browse/RHEL-12439
Conflicts:
  - misc minor conflicts

commit f3b8788cde61b02f1e6c202f8fac4360e6adbafc
Author: Casey Schaufler <casey@schaufler-ca.com>
Date:   Tue Sep 12 13:56:46 2023 -0700

    LSM: Identify modules by more than name

    Create a struct lsm_id to contain identifying information about Linux
    Security Modules (LSMs). At inception this contains the name of the
    module and an identifier associated with the security module.  Change
    the security_add_hooks() interface to use this structure.  Change the
    individual modules to maintain their own struct lsm_id and pass it to
    security_add_hooks().

    The values are for LSM identifiers are defined in a new UAPI
    header file linux/lsm.h. Each existing LSM has been updated to
    include it's LSMID in the lsm_id.

    The LSM ID values are sequential, with the oldest module
    LSM_ID_CAPABILITY being the lowest value and the existing modules
    numbered in the order they were included in the main line kernel.
    This is an arbitrary convention for assigning the values, but
    none better presents itself. The value 0 is defined as being invalid.
    The values 1-99 are reserved for any special case uses which may
    arise in the future. This may include attributes of the LSM
    infrastructure itself, possibly related to namespacing or network
    attribute management. A special range is identified for such attributes
    to help reduce confusion for developers unfamiliar with LSMs.

    LSM attribute values are defined for the attributes presented by
    modules that are available today. As with the LSM IDs, The value 0
    is defined as being invalid. The values 1-99 are reserved for any
    special case uses which may arise in the future.

    Cc: linux-security-module <linux-security-module@vger.kernel.org>
    Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
    Reviewed-by: Kees Cook <keescook@chromium.org>
    Reviewed-by: Serge Hallyn <serge@hallyn.com>
    Reviewed-by: Mickael Salaun <mic@digikod.net>
    Reviewed-by: John Johansen <john.johansen@canonical.com>
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Nacked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    [PM: forward ported beyond v6.6 due merge window changes]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
 		2024-11-28 14:50:19 +01:00
..
Kconfig LoadPin: Fix Kconfig doc about format of file with verity digests 2022-11-08 14:56:26 -06:00
Makefile
loadpin.c LSM: Identify modules by more than name 2024-11-28 14:50:19 +01:00