path: root/include/linux/lsm_hooks.h
diff options
authorLinus Torvalds <>2022-01-11 13:03:06 -0800
committerLinus Torvalds <>2022-01-11 13:03:06 -0800
commita135ce4400bb87f229ab33a663987327d9e0b2a0 (patch)
treed3ca45420412ad46ee34f189e7902ec45d62f32c /include/linux/lsm_hooks.h
parentdabd40ecaf693a18afd4c59c8d7280610d95b66e (diff)
parent6cd9d4b97891560b61681cad9cc4307ce0719abc (diff)
Merge tag 'selinux-pr-20220110' of git://
Pull selinux updates from Paul Moore: "Nothing too significant, but five SELinux patches for v5.17 that do the following: - Harden the code through additional use of the struct_size() macro - Plug some memory leaks - Clean up the code via removal of the security_add_mnt_opt() LSM hook and minor tweaks to selinux_add_opt() - Rename security_task_getsecid_subj() to better reflect its actual behavior/use - now called security_current_getsecid_subj()" * tag 'selinux-pr-20220110' of git:// selinux: minor tweaks to selinux_add_opt() selinux: fix potential memleak in selinux_add_opt() security,selinux: remove security_add_mnt_opt() selinux: Use struct_size() helper in kmalloc() lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
Diffstat (limited to 'include/linux/lsm_hooks.h')
1 files changed, 3 insertions, 7 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d45b6f6e27fd..3bf5c658bc44 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -180,8 +180,6 @@
* Copy all security options from a given superblock to another
* @oldsb old superblock which contain information to clone
* @newsb new superblock which needs filled in
- * @sb_add_mnt_opt:
- * Add one mount @option to @mnt_opts.
* @sb_parse_opts_str:
* Parse a string of security data filling in the opts structure
* @options string containing all mount options known by the LSM
@@ -719,11 +717,9 @@
* @p.
* @p contains the task_struct for the process.
* Return 0 if permission is granted.
- * @task_getsecid_subj:
- * Retrieve the subjective security identifier of the task_struct in @p
- * and return it in @secid. Special care must be taken to ensure that @p
- * is the either the "current" task, or the caller has exclusive access
- * to @p.
+ * @current_getsecid_subj:
+ * Retrieve the subjective security identifier of the current task and
+ * return it in @secid.
* In case of failure, @secid will be set to zero.
* @task_getsecid_obj:
* Retrieve the objective security identifier of the task_struct in @p