Message ID | 20231026090259.362945-1-roberto.sassu@huaweicloud.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Series | security: Don't yet account for IMA in LSM_CONFIG_COUNT calculation |

On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
>
> Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> calculation, used to limit how many LSMs can invoke security_add_hooks().
>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> security/security.c | 1 -
> 1 file changed, 1 deletion(-)

Merged into lsm/dev-staging, thanks!

--
paul-moore.com

On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> >
> > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > calculation, used to limit how many LSMs can invoke security_add_hooks().
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > ---
> > security/security.c | 1 -
> > 1 file changed, 1 deletion(-)
>
> Merged into lsm/dev-staging, thanks!

Welcome!

Could you please also rebase lsm/dev-staging, to move ab3888c7198d ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c ("tools headers UAPI: Sync files changed by new fchmodat2 and map_shadow_stack syscalls with the kernel sources")?

Thanks

Roberto

On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> > >
> > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > > calculation, used to limit how many LSMs can invoke security_add_hooks().
> > >
> > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > ---
> > > security/security.c | 1 -
> > > 1 file changed, 1 deletion(-)
> >
> > Merged into lsm/dev-staging, thanks!
>
> Welcome!
>
> Could you please also rebase lsm/dev-staging, to move ab3888c7198d
> ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c
> ("tools headers UAPI: Sync files changed by new fchmodat2 and
> map_shadow_stack syscalls with the kernel sources")?

Let me look into that, as long as it doesn't blow up the stuff in lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4 which should resolve the syscall numbering conflict.

FWIW, I also hit the same problem with my kernel-secnext builds, if you're using those RPMs you'll find it's already resolved there.

On Thu, Oct 26, 2023 at 11:59 AM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu
> <roberto.sassu@huaweicloud.com> wrote:
> > On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> > > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> > > >
> > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > > > calculation, used to limit how many LSMs can invoke security_add_hooks().
> > > >
> > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > ---
> > > > security/security.c | 1 -
> > > > 1 file changed, 1 deletion(-)
> > >
> > > Merged into lsm/dev-staging, thanks!
> >
> > Welcome!
> >
> > Could you please also rebase lsm/dev-staging, to move ab3888c7198d
> > ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c
> > ("tools headers UAPI: Sync files changed by new fchmodat2 and
> > map_shadow_stack syscalls with the kernel sources")?
>
> Let me look into that, as long as it doesn't blow up the stuff in
> lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4
> which should resolve the syscall numbering conflict.
>
> FWIW, I also hit the same problem with my kernel-secnext builds, if
> you're using those RPMs you'll find it's already resolved there.

That wasn't very messy so I've rebased lsm/dev-staging to v6.6-rc4 and regenerated lsm/next. If you notice any problems please let me know.

On Thu, Oct 26, 2023 at 12:36 PM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, Oct 26, 2023 at 11:59 AM Paul Moore <paul@paul-moore.com> wrote:
> > On Thu, Oct 26, 2023 at 11:12 AM Roberto Sassu
> > <roberto.sassu@huaweicloud.com> wrote:
> > > On Thu, 2023-10-26 at 10:48 -0400, Paul Moore wrote:
> > > > On Oct 26, 2023 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
> > > > >
> > > > > Since IMA is not yet an LSM, don't account for it in the LSM_CONFIG_COUNT
> > > > > calculation, used to limit how many LSMs can invoke security_add_hooks().
> > > > >
> > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > ---
> > > > > security/security.c | 1 -
> > > > > 1 file changed, 1 deletion(-)
> > > >
> > > > Merged into lsm/dev-staging, thanks!
> > >
> > > Welcome!
> > >
> > > Could you please also rebase lsm/dev-staging, to move ab3888c7198d
> > > ("LSM: wireup Linux Security Module syscalls") after f7875966dc0c
> > > ("tools headers UAPI: Sync files changed by new fchmodat2 and
> > > map_shadow_stack syscalls with the kernel sources")?
> >
> > Let me look into that, as long as it doesn't blow up the stuff in
> > lsm/dev (I don't think it would), I'll go ahead and rebase to v6.6-rc4
> > which should resolve the syscall numbering conflict.
> >
> > FWIW, I also hit the same problem with my kernel-secnext builds, if
> > you're using those RPMs you'll find it's already resolved there.
>
> That wasn't very messy so I've rebased lsm/dev-staging to v6.6-rc4 and
> regenerated lsm/next. If you notice any problems please let me know.

Now merged into lsm/dev, thanks Roberto!

diff --git a/security/security.c b/security/security.c index 988483fcf153..7281aa90ca20 100644 --- a/security/security.c +++ b/security/security.c @@ -44,7 +44,6 @@ (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \ - (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \ (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
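
Review bot: The removed `(IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \` term leaves nothing in the macro to signal that IMA is expected to come back, even though the commit message says IMA is "not yet" an LSM. Because this sum limits how many LSMs can invoke security_add_hooks(), the change that converts IMA to an LSM has to restore the term in the same patch; a short comment above the macro, or a sentence in the commit message naming that follow-up, would make the dependency hard to miss. The commit message also does not identify the commit that introduced the CONFIG_IMA term, so a reference to it (for example a Fixes: tag) would help anyone bisecting or backporting.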