Re: [RFC PATCH v2 2/2] docs: add fail_lsm_hooks info to fault-injection.rst
From: Akinobu Mita <akinobu.mita@gmail.com>
Date: 2020-10-27 16:26:42
Also in:
lkml
2020年10月26日(月) 21:52 Aleksandr Nogikh [off-list ref]:
quoted hunk ↗ jump to hunk
From: Aleksandr Nogikh <redacted> Describe fail_lsm_hooks fault injection capability. Signed-off-by: Aleksandr Nogikh <redacted> --- v2: - Added this commit. --- Documentation/fault-injection/fault-injection.rst | 6 ++++++ 1 file changed, 6 insertions(+)diff --git a/Documentation/fault-injection/fault-injection.rst b/Documentation/fault-injection/fault-injection.rst index 31ecfe44e5b4..48705adfbc18 100644 --- a/Documentation/fault-injection/fault-injection.rst +++ b/Documentation/fault-injection/fault-injection.rst@@ -48,6 +48,12 @@ Available fault injection capabilities status code is NVME_SC_INVALID_OPCODE with no retry. The status code and retry flag can be set via the debugfs. +- fail_lsm_hooks + + injects failures into LSM hooks. When a fault is injected, actual hooks + are not executed and a code from /sys/kernel/debug/fail_lsm_hooks/retval + is returned (the default value is -EACCES).
In addition to this global one, what do you think about per-hook fault injection, i.e. /sys/kernel/debug/fail_lsm_hooks/<FUNC>/retval ? In this case, we need a fault_attr for each hook. (Maybe, we can use the same technique that is used to define security_hook_heads).