[PATCH v12 5/9] LSM: Multiple concurrent LSMs

From: Casey Schaufler
Date: Mon Jan 07 2013 - 21:09:03 EST

Next message: Frederic Weisbecker: "[PATCH 14/33] sched: Update rq clock on nohz CPU before setting fair group shares"
Previous message: Frederic Weisbecker: "[PATCH 03/33] cputime: Generic on-demand virtual cputime accounting"
In reply to: Casey Schaufler: "[PATCH v12 0/9] LSM: Multiple concurrent LSMs"
Next in thread: Casey Schaufler: "[PATCH v12 9/9] LSM: Multiple concurrent LSMs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Subject: [PATCH v12 5/9] LSM: Multiple concurrent LSMs

Change the infrastructure for Linux Security Modules (LSM)s
from a single vector of hook handlers to a list based method
for handling multiple concurrent modules.

Add per-LSM interfaces in /proc/*/attr as it is infeasible
to share them when more than one LSM is active.

Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

---
fs/proc/base.c | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9b43ff77..458422b 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2216,12 +2216,28 @@ static const struct file_operations proc_pid_attr_operations = {
};

static const struct pid_entry attr_dir_stuff[] = {
- REG("current", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
- REG("prev", S_IRUGO, proc_pid_attr_operations),
- REG("exec", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
- REG("fscreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
- REG("keycreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
- REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("current", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("prev", S_IRUGO, proc_pid_attr_operations),
+ REG("exec", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("fscreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("keycreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+#ifdef CONFIG_SECURITY_SELINUX
+ REG("selinux.current", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("selinux.prev", S_IRUGO, proc_pid_attr_operations),
+ REG("selinux.exec", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("selinux.fscreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("selinux.keycreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("selinux.sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+#endif
+#ifdef CONFIG_SECURITY_SMACK
+ REG("smack.current", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+#endif
+#ifdef CONFIG_SECURITY_APPARMOR
+ REG("apparmor.current", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+ REG("apparmor.prev", S_IRUGO, proc_pid_attr_operations),
+ REG("apparmor.exec", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+#endif
};

static int proc_attr_dir_readdir(struct file * filp,

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frederic Weisbecker: "[PATCH 14/33] sched: Update rq clock on nohz CPU before setting fair group shares"
Previous message: Frederic Weisbecker: "[PATCH 03/33] cputime: Generic on-demand virtual cputime accounting"
In reply to: Casey Schaufler: "[PATCH v12 0/9] LSM: Multiple concurrent LSMs"
Next in thread: Casey Schaufler: "[PATCH v12 9/9] LSM: Multiple concurrent LSMs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]