Re: [PATCH v5 2/8] LSM: Maintain a table of LSM attribute data
From: Paul Moore
Date: Thu Jan 12 2023 - 15:53:46 EST
On Wed, Jan 11, 2023 at 7:36 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 1/11/2023 1:01 PM, Paul Moore wrote:
> > On Mon, Jan 9, 2023 at 1:07 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> >> As LSMs are registered add their lsm_id pointers to a table.
> >> This will be used later for attribute reporting.
> >>
> >> Determine the number of possible security modules based on
> >> their respective CONFIG options. This allows the number to be
> >> known at build time. This allows data structures and tables
> >> to use the constant.
> >>
> >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> >> ---
> >> include/linux/security.h | 2 ++
> >> security/security.c | 44 +++++++++++++++++++++++++++++++++-------
> >> 2 files changed, 39 insertions(+), 7 deletions(-)
...
> >> diff --git a/security/security.c b/security/security.c
> >> index 07a8fe7f92bf..a590fa98ddd6 100644
> >> --- a/security/security.c
> >> +++ b/security/security.c
> >> @@ -388,7 +408,7 @@ static void __init ordered_lsm_init(void)
> >> for (lsm = ordered_lsms; *lsm; lsm++)
> >> initialize_lsm(*lsm);
> >>
> >> - kfree(ordered_lsms);
> >> + init_debug("lsm count = %d\n", lsm_active_cnt);
> >> }
> > Given 86ef3c735ec8 ("LSM: Better reporting of actual LSMs at boot"),
> > is this needed?
>
> None of what comes out from lsm.debug is strictly necessary, and
> human or script can parse "initializing lsm=", but sometimes the
> number of LSMs is interesting.
I guess what I was questioning is if printing the @lsm_active_cnt
variable provides any better information that what is already provided
by commit 86ef3c735ec8? We currently print the enabled/active LSMs
with lsm.debug, printing a count seems a bit redundant to me.
--
paul-moore.com