Message ID | 20180412022536.GA8919@ircssh-2.c.rugged-nimbus-611.internal (mailing list archive) |
---|---|
State | New, archived |
Sargun Dhillon wrote:
> It appears like char * lsm on struct security_hook_list is unused. Even
> since its inception: https://patchwork.kernel.org/patch/9525051/
> it hasn't been read, only written to. This removes that.

It was preserved based on an assumption that complete stacking is accepted in near future, but still not available. Maybe we can delete this field for now?

http://kernsec.org/pipermail/linux-security-module-archive/2017-March/000104.html
On 4/12/2018 7:18 AM, Tetsuo Handa wrote:
> Sargun Dhillon wrote:
>> It appears like char * lsm on struct security_hook_list is unused. Even
>> since its inception: https://patchwork.kernel.org/patch/9525051/
>> it hasn't been read, only written to. This removes that.

tl;dr - I hope to use it in 4.18

I have been trying to get my patch for Smack that creates a subdirectory in /proc/.../attr/ in for some time. That patch uses the lsm field in security_hook_list. While the Smack directory is very important for stacking, I want it regardless as reusing the SELinux attribute files was a mistake.

> It was preserved based on an assumption that complete stacking is accepted in
> near future, but still not available. Maybe we can delete this field for now?

Yes, we can. There would be a merge conflict should I get my way on the Smack subdirectory.

James, I *still* want /proc/.../attr/smack regardless of the rest of stacking. I want to start fixing the Smack user space. This is required, by stacking, but strongly desired in any case.

> http://kernsec.org/pipermail/linux-security-module-archive/2017-March/000104.html
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index ac491137b10a..ea07e9cdfee0 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1966,7 +1966,6 @@ struct security_hook_list { struct hlist_node list; struct hlist_head *head; union security_list_options hook; - char *lsm; } __randomize_layout; /* diff --git a/security/security.c b/security/security.c index dd246a38b3f0..b0a34961d0a3 100644 --- a/security/security.c +++ b/security/security.c @@ -161,10 +161,8 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; - for (i = 0; i < count; i++) { - hooks[i].lsm = lsm; + for (i = 0; i < count; i++) hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); - } if (lsm_append(lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__); }
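Review bot: the changelog says the field "hasn't been read, only written to", but the only user this patch touches is the store in security_add_hooks(). In the include/linux/lsm_hooks.h hunk, dropping `char *lsm;` from `struct security_hook_list` will break the build of any code that still names the member, so the commit message should state that a tree-wide search found no other reader or initialiser of `.lsm`.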
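Review bot: in the security/security.c hunk, once `hooks[i].lsm = lsm;` is gone the hook entries no longer record which module registered them, and the name survives only through `lsm_append(lsm, &lsm_names)`. The thread mentions a pending Smack patch that uses this field, so the commit message should note that conflict and that the assignment will have to be restored if that work is merged. Dropping the braces around the now single-statement loop body is fine.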
It appears like char * lsm on struct security_hook_list is unused. Even
since its inception: https://patchwork.kernel.org/patch/9525051/
it hasn't been read, only written to. This removes that.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>

---

    include/linux/lsm_hooks.h | 1 -
    security/security.c       | 4 +---
    2 files changed, 1 insertion(+), 4 deletions(-)