summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-09-14 18:37:20 -0400
committerKees Cook <keescook@chromium.org>2019-01-08 16:18:43 -0500
commitd6aed64b74b73b64278c059eacd59d87167aa968 (patch)
tree0fd4b2e95d633d09a9f3d7e3711aeab68d328e88
parent70b62c25665f636c9f6c700b26af7df296b0887e (diff)
Yama: Initialize as ordered LSM
This converts Yama from being a direct "minor" LSM into an ordered LSM. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat
-rw-r--r--include/linux/lsm_hooks.h5
-rw-r--r--security/Kconfig2
-rw-r--r--security/security.c1
-rw-r--r--security/yama/yama_lsm.c8
4 files changed, 8 insertions, 8 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index fb1a653ccfcb..2849e9b2c01d 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2090,10 +2090,5 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
2090#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ 2090#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
2091 2091
2092extern void __init capability_add_hooks(void); 2092extern void __init capability_add_hooks(void);
2093#ifdef CONFIG_SECURITY_YAMA
2094extern void __init yama_add_hooks(void);
2095#else
2096static inline void __init yama_add_hooks(void) { }
2097#endif
2098 2093
2099#endif /* ! __LINUX_LSM_HOOKS_H */ 2094#endif /* ! __LINUX_LSM_HOOKS_H */
diff --git a/security/Kconfig b/security/Kconfig
index 2cd737ba7660..78dc12b7eeb3 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -241,7 +241,7 @@ source "security/integrity/Kconfig"
241 241
242config LSM 242config LSM
243 string "Ordered list of enabled LSMs" 243 string "Ordered list of enabled LSMs"
244 default "loadpin,integrity,selinux,smack,tomoyo,apparmor" 244 default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor"
245 help 245 help
246 A comma-separated list of LSMs, in initialization order. 246 A comma-separated list of LSMs, in initialization order.
247 Any LSMs left off this list will be ignored. This can be 247 Any LSMs left off this list will be ignored. This can be
diff --git a/security/security.c b/security/security.c
index b8d75f5a948d..35f93b7c585b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -274,7 +274,6 @@ int __init security_init(void)
274 * Load minor LSMs, with the capability module always first. 274 * Load minor LSMs, with the capability module always first.
275 */ 275 */
276 capability_add_hooks(); 276 capability_add_hooks();
277 yama_add_hooks();
278 277
279 /* Load LSMs in specified order. */ 278 /* Load LSMs in specified order. */
280 ordered_lsm_init(); 279 ordered_lsm_init();
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index ffda91a4a1aa..eb1da1303d2e 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -477,9 +477,15 @@ static void __init yama_init_sysctl(void)
477static inline void yama_init_sysctl(void) { } 477static inline void yama_init_sysctl(void) { }
478#endif /* CONFIG_SYSCTL */ 478#endif /* CONFIG_SYSCTL */
479 479
480void __init yama_add_hooks(void) 480static int __init yama_init(void)
481{ 481{
482 pr_info("Yama: becoming mindful.\n"); 482 pr_info("Yama: becoming mindful.\n");
483 security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); 483 security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama");
484 yama_init_sysctl(); 484 yama_init_sysctl();
485 return 0;
485} 486}
487
488DEFINE_LSM(yama) = {
489 .name = "yama",
490 .init = yama_init,
491};
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-22 12:18:18 -0400