1 change: 1 addition & 0 deletions security/Kconfig
@@ -235,6 +235,7 @@ source "security/smack/Kconfig"
source "security/tomoyo/Kconfig"
source "security/apparmor/Kconfig"
source "security/loadpin/Kconfig"
source "security/paulsm/Kconfig"
source "security/yama/Kconfig"
source "security/safesetid/Kconfig"
source "security/lockdown/Kconfig"
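Review bot: Sourcing `security/paulsm/Kconfig` makes the module buildable, but nothing in the visible hunks adds `paulsm` to the `config LSM` default strings further down this file. On kernels that use the ordered LSM list, an LSM declared with a plain `DEFINE_LSM` is normally initialized only when it is named in `CONFIG_LSM` or on the `lsm=` command line, so the hooks may never be registered on a default build. If the module is meant to be active out of the box, add `paulsm` to those default lists; otherwise say in the help text that it has to be enabled via `lsm=`. The rest of the file lies outside the hunk, so this should be confirmed against the full Kconfig.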
2 changes: 2 additions & 0 deletions security/Makefile
@@ -10,6 +10,7 @@ subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
subdir-$(CONFIG_SECURITY_APPARMOR) += apparmor
subdir-$(CONFIG_SECURITY_YAMA) += yama
subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin
subdir-$(CONFIG_SECURITY_PAULSM) += paulsm
subdir-$(CONFIG_SECURITY_SAFESETID) += safesetid
subdir-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown
subdir-$(CONFIG_BPF_LSM) += bpf
@@ -28,6 +29,7 @@ obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/
obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/
obj-$(CONFIG_SECURITY_YAMA) += yama/
obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/
obj-$(CONFIG_SECURITY_PAULSM) += paulsm/
obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/
obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/
obj-$(CONFIG_CGROUPS) += device_cgroup.o
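--- a/security/paulsm/Kconfig
+++ b/security/paulsm/Kconfig
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config SECURITY_PAULSM
+bool "Prevents any file that starts with `paul` to be deleted"
+depends on SECURITY && BLOCK
+help
+Any hard link unlinking on files that starts with `paul` will be prevented, and an error message will be displayed.
+
+config SECURITY_PAULSM_ENFORCE
+bool "Enforce paulsm at boot"
+depends on SECURITY_PAULSM
+help
+If selected, paulsm will be enforced at boot.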
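Review bot: `SECURITY_PAULSM_ENFORCE` is declared here, but nothing in the `paulsm.c` added by this commit reads `CONFIG_SECURITY_PAULSM_ENFORCE`, so the option has no effect and the hook denies unconditionally once it is registered. Either drop the symbol or gate the denial on it, for example `if (!IS_ENABLED(CONFIG_SECURITY_PAULSM_ENFORCE)) return 0;` after the log line. The `BLOCK` dependency also looks unneeded, because the hook only inspects a dentry name; `depends on SECURITY` would probably be enough. The help text should say that only unlink is covered and that the match is on the name prefix, so that nobody relies on it as general deletion protection.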
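--- a/security/paulsm/Makefile
+++ b/security/paulsm/Makefile
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: GPL-2.0-only
+obj-$(CONFIG_SECURITY_PAULSM) += paulsm.o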
30 changes: 30 additions & 0 deletions security/paulsm/paulsm.c
@@ -0,0 +1,30 @@
// SPDX-License-Identifier: GPL-2.0-only
#include <linux/module.h>
#include <linux/lsm_hooks.h>

static int paul_inode_unlink(struct inode *dir, struct dentry *dentry)
{
if (strncmp("paul", dentry->d_iname, 4) == 0) {
printk(KERN_ALERT "Paul's unlinking node alert: %s\n",
dentry->d_iname);
return 1;
}
return 0;
}

static struct security_hook_list paulsm_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(inode_unlink, paul_inode_unlink),
};

static int __init paulsm_init(void)
{
printk(KERN_ALERT "paulsm init");
security_add_hooks(paulsm_hooks, ARRAY_SIZE(paulsm_hooks), "paulsm");
return 0;
}

DEFINE_LSM(paulsm) = {
.name = "paulsm",
.init = paulsm_init,
};
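Review bot: `return 1;` in `paul_inode_unlink` is not a valid LSM hook result: hooks deny with a negative errno, and a positive value is likely to travel back through the unlink path as a non-error return instead of a failed call, so it should be `return -EPERM;`. The prefix test reads `dentry->d_iname`, which only holds names short enough for the dentry's inline buffer; longer names live behind `dentry->d_name.name`, so the check should compare against that field to cover every name length. Both `printk(KERN_ALERT ...)` calls are louder than needed, the per-unlink one is not rate limited although any user can trigger it, and `"paulsm init"` lacks a trailing newline; `pr_info("paulsm: initialized\n")` and a rate-limited notice using `%pd` would be the usual form. Only `inode_unlink` is hooked, so the Kconfig promise that such files cannot be deleted does not hold across a rename; either hook `inode_rename` as well or narrow the help text.

```c
static int paul_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	/* d_name.name is valid for any name length; d_iname only holds short inline names. */
	if (strncmp(dentry->d_name.name, "paul", 4) == 0) {
		pr_notice_ratelimited("paulsm: denied unlink of %pd\n", dentry);
		return -EPERM;	/* LSM hooks report a denial as a negative errno */
	}
	return 0;
}

// … unchanged: paulsm_hooks table, paulsm_init, DEFINE_LSM …
```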