On Wed, Aug 26, 2020 at 11:04 AM Casey Schaufler <[email protected]> wrote: > > Change the secid parameter of security_audit_rule_match > to a lsmblob structure pointer. Pass the entry from the > lsmblob structure for the approprite slot to the LSM hook. > > Change the users of security_audit_rule_match to use the > lsmblob instead of a u32. The scaffolding function lsmblob_init() > fills the blob with the value of the old secid, ensuring that > it is available to the appropriate module hook. The sources of > the secid, security_task_getsecid() and security_inode_getsecid(), > will be converted to use the blob structure later in the series. > At the point the use of lsmblob_init() is dropped. > > Reviewed-by: Kees Cook <[email protected]> > Reviewed-by: John Johansen <[email protected]> > Acked-by: Stephen Smalley <[email protected]> > Signed-off-by: Casey Schaufler <[email protected]> > --- > include/linux/security.h | 7 ++++--- > kernel/auditfilter.c | 6 ++++-- > kernel/auditsc.c | 14 ++++++++++---- > security/integrity/ima/ima.h | 4 ++-- > security/integrity/ima/ima_policy.c | 7 +++++-- > security/security.c | 10 ++++++++-- > 6 files changed, 33 insertions(+), 15 deletions(-)
Acked-by: Paul Moore <[email protected]> -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
