On 7/27/2020 9:12 AM, Stephen Smalley wrote:
> On Fri, Jul 24, 2020 at 4:35 PM Casey Schaufler
> <casey(a)schaufler-ca.com> wrote:
> > When more than one security module is exporting data to
> > audit and networking sub-systems, a single 32-bit integer
> > is no longer sufficient to represent the data. Add a
> > structure to be used instead.
> >
> > The lsmblob structure is currently an array of
> > u32 "secids". There is an entry for each of the
> > security modules built into the system that would
> > use secids if active. The system assigns the module
> > a "slot" when it registers hooks. If modules are
> > compiled in but not registered, there will be unused
> > slots.
> >
> > A new lsm_id structure, which contains the name
> > of the LSM and its slot number, is created. There
> > is an instance for each LSM, which assigns the name
> > and passes it to the infrastructure to set the slot.
> >
> > The audit rules data is expanded to use an array of
> > security module data rather than a single instance.
> > Because IMA uses the audit rule functions, it is
> > affected as well.
> >
> > Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov>
> > Acked-by: Paul Moore <paul(a)paul-moore.com>
> > Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com>
> With CONFIG_BPF_LSM=y:
Thanks. I am surprised that this config option isn't
under security. No problem, an easy fix.
> security/bpf/hooks.c: In function ‘bpf_lsm_init’:
> security/bpf/hooks.c:18:63: error: passing argument 3 of
> ‘security_add_hooks’ from incompatible pointer type
> [-Werror=incompatible-pointer-types]
> 18 | security_add_hooks(bpf_lsm_hooks, ARRAY_SIZE(bpf_lsm_hooks), "bpf");
> | ^~~~~
> | |
> | char *
> In file included from security/bpf/hooks.c:6:
> ./include/linux/lsm_hooks.h:1592:26: note: expected ‘struct lsm_id *’
> but argument is of type ‘char *’
> 1592 | struct lsm_id *lsmid);
> | ~~~~~~~~~~~~~~~^~~~~
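The lsmblob/lsm_id scheme from the commit message, and the argument-type change behind the build error above, as an added stand-alone userspace model rather than the kernel's code: the function bodies, LSMBLOB_ENTRIES, the sample lsm_id table and the secid values are assumptions constructed for this illustration.

```c
/* Stand-alone model of the lsmblob / lsm_id scheme in the commit message.
 * Not kernel code: names echo the patch, bodies and LSMBLOB_ENTRIES are assumed. */
#include <stdint.h>
typedef uint32_t u32;
#define LSMBLOB_ENTRIES 3      /* constructed: three modules built in */
#define LSMBLOB_INVALID (-1)
struct lsm_id {
	const char *lsm;       /* LSM name, e.g. "bpf" */
	int slot;              /* assigned by the infrastructure at registration */
};
/* Replaces the single u32 secid: one secid per module slot. */
struct lsmblob {
	u32 secid[LSMBLOB_ENTRIES];
};
static int lsm_slot;           /* next free slot */

/* Registration now takes a struct lsm_id *, not a char * name. */
static int security_add_hooks(struct lsm_id *lsmid)
{
	if (lsmid->slot == LSMBLOB_INVALID) {
		if (lsm_slot >= LSMBLOB_ENTRIES)
			return -1;     /* more registrations than slots */
		lsmid->slot = lsm_slot++;
	}
	return lsmid->slot;
}
/* Any slot holding a secid? Slots of unregistered modules stay 0. */
static int lsmblob_is_set(const struct lsmblob *blob)
{
	for (int i = 0; i < LSMBLOB_ENTRIES; i++)
		if (blob->secid[i])
			return 1;
	return 0;
}

/* Two of three compiled-in modules register; the third slot stays unused. */
static struct lsm_id selinux_lsmid = { "selinux", LSMBLOB_INVALID };
static struct lsm_id bpf_lsmid = { "bpf", LSMBLOB_INVALID };

/* Registers both modules, fills a blob with constructed secids and
 * returns the slot "bpf" was assigned (1 here). */
int demo_register_and_fill(struct lsmblob *blob)
{
	security_add_hooks(&selinux_lsmid);
	security_add_hooks(&bpf_lsmid);   /* the build fix: &bpf_lsmid, not "bpf" */
	*blob = (struct lsmblob){ { 0 } };
	blob->secid[selinux_lsmid.slot] = 1234;
	blob->secid[bpf_lsmid.slot] = 77;
	return bpf_lsmid.slot;
}
```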