diff options
| author | Kees Cook <keescook@chromium.org> | 2018-09-14 02:17:50 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2019-01-08 16:18:42 -0500 |
| commit | f4941d75b9cba5e1fae1aebe0139dcca0703a294 (patch) | |
| tree | fca97d9b39b5291c138795b7e6262faba2dbec5b /security/selinux | |
| parent | c5459b829b716dafd226ad270f25c9a3050f7586 (diff) | |
LSM: Lift LSM selection out of individual LSMs
As a prerequisite to adjusting LSM selection logic in the future, this
moves the selection logic up out of the individual major LSMs, making
their init functions only run when actually enabled. This considers all
LSMs enabled by default unless they specified an external "enable"
variable.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f847514d6f03..0f8ae2fbd14a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -6928,16 +6928,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { | |||
| 6928 | 6928 | ||
| 6929 | static __init int selinux_init(void) | 6929 | static __init int selinux_init(void) |
| 6930 | { | 6930 | { |
| 6931 | if (!security_module_enable("selinux")) { | ||
| 6932 | selinux_enabled = 0; | ||
| 6933 | return 0; | ||
| 6934 | } | ||
| 6935 | |||
| 6936 | if (!selinux_enabled) { | ||
| 6937 | pr_info("SELinux: Disabled at boot.\n"); | ||
| 6938 | return 0; | ||
| 6939 | } | ||
| 6940 | |||
| 6941 | pr_info("SELinux: Initializing.\n"); | 6931 | pr_info("SELinux: Initializing.\n"); |
| 6942 | 6932 | ||
| 6943 | memset(&selinux_state, 0, sizeof(selinux_state)); | 6933 | memset(&selinux_state, 0, sizeof(selinux_state)); |