On 7/19/2024 10:08 AM, Paul Moore wrote:
On Jul 11, 2024 Xu Kuohai xukuohai@huaweicloud.com wrote:
To be consistent with most LSM hooks, convert the return value of hook setprocattr to 0 or a negative error code.
Before:
- Hook setprocattr returns the number of bytes written on success or a negative error code on failure.
After:
- Hook setprocattr returns 0 on success or a negative error code on failure. An output parameter @wbytes is introduced to hold the number of bytes written on success.
Signed-off-by: Xu Kuohai xukuohai@huawei.com
fs/proc/base.c | 5 +++-- include/linux/lsm_hook_defs.h | 3 ++- include/linux/security.h | 5 +++-- security/apparmor/lsm.c | 10 +++++++--- security/security.c | 8 +++++--- security/selinux/hooks.c | 11 ++++++++--- security/smack/smack_lsm.c | 14 ++++++++++---- 7 files changed, 38 insertions(+), 18 deletions(-)
The security_setprocattr() hook is another odd case that we probably just want to leave alone for two reasons:
- With the move to LSM syscalls for getting/setting a task's LSM
attributes we are "freezing" the procfs API and not adding any new entries to it.
- The BPF LSM doesn't currently register any procfs entries.
I'd suggest leaving security_setprocattr() as-is and blocking it in the BPF verifier, I can't see any reason why a BPF LSM would need this hook.
OK, I'll drop this patch in the next version.