LSM: Infrastructure management of the inode security Move management of the inode->i_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: Kees Cook <keescook@chromium.org>

commit: afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21 [log] [tgz]
author: Casey Schaufler <casey@schaufler-ca.com> Fri Sep 21 17:19:29 2018 -0700
committer: Kees Cook <keescook@chromium.org> Tue Jan 08 13:18:45 2019 -0800
tree: 050d1e2575f9a79e20c67634660aef927981694c
parent: fb4021b6fb5818df1228a35b7e2645038d01bb9f [diff] [blame]
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index e8cef01..1c798e8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h

@@ -2033,6 +2033,7 @@
 struct lsm_blob_sizes {
 	int	lbs_cred;
 	int	lbs_file;
+	int	lbs_inode;
 };
 
 /*
@@ -2104,6 +2105,8 @@
 #define __lsm_ro_after_init	__ro_after_init
 #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
 
+extern int lsm_inode_alloc(struct inode *inode);
+
 #ifdef CONFIG_SECURITY
 void __init lsm_early_cred(struct cred *cred);
 #endif
commit	afb1cbe37440c7f38b9cf46fc331cc9dfd5cce21	[log] [tgz]
author	Casey Schaufler <casey@schaufler-ca.com>	Fri Sep 21 17:19:29 2018 -0700
committer	Kees Cook <keescook@chromium.org>	Tue Jan 08 13:18:45 2019 -0800
tree	050d1e2575f9a79e20c67634660aef927981694c
parent	fb4021b6fb5818df1228a35b7e2645038d01bb9f [diff] [blame]