On Tue, Aug 27, 2024 at 7:02 PM Andrii Nakryiko
[off-list ref] wrote:

On Tue, Aug 13, 2024 at 4:03 PM Andrii Nakryiko [off-list ref] wrote:

quoted

There is no reason why struct path pointer shouldn't be const-qualified
when being passed into bpf_token_create() LSM hook. Add that const.

Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
 include/linux/lsm_hook_defs.h | 2 +-
 include/linux/security.h      | 4 ++--
 security/security.c           | 2 +-
 security/selinux/hooks.c      | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

Paul,

I just realized that I originally forgot to cc you and
linux-security-modules@ on this entire patch set and I apologize for
that. You can find the entire series at [0], if you'd like to see a
bit wider context.

But if you can, please check this patch specifically and give your
ack, if it's fine with you.

Hi Andrii,

Thanks for sending an email about this, many maintainers don't
remember to CC the LSM list when making changes like this and I really
appreciate it when people do, so thank you for that (even if it is a
teeny bit late <g>).  To be honest, I saw this patch back on the 14th
as I've got some tools which watch for LSM/security related commits
hitting linux-next or Linus' tree that don't originate from one of the
LSM trees and I thought it looked okay, my ACK is below.

Ideally we land this patch together with the rest of Al's and mine
refactorings, as it allows us to avoid that ugly path_get/path_put
workaround that was added by Al initially (see [1]). LSM-specific
changes are pretty trivial and hopefully are not controversial.

Acked-by: Paul Moore <paul@paul-moore.com> (LSM/SELinux)

-- 
paul-moore.com