aboutsummaryrefslogtreecommitdiffstats
path: root/security/smack/smack_lsm.c
diff options
context:
space:
mode:
authorAhmed S. Darwish <darwish.07@gmail.com>2008-03-06 11:09:10 -0500
committerJames Morris <jmorris@namei.org>2008-04-18 20:00:51 -0400
commit076c54c5bcaed2081c0cba94a6f77c4d470236ad (patch)
tree5e8f05cab20a49922618bb3af697a6b46e610eee /security/smack/smack_lsm.c
parent04305e4aff8b0533dc05f9f6f1a34d0796bd985f (diff)
Security: Introduce security= boot parameter
Add the security= boot parameter. This is done to avoid LSM registration clashes in case of more than one bult-in module. User can choose a security module to enable at boot. If no security= boot parameter is specified, only the first LSM asking for registration will be loaded. An invalid security module name will be treated as if no module has been chosen. LSM modules must check now if they are allowed to register by calling security_module_enable(ops) first. Modify SELinux and SMACK to do so. Do not let SMACK register smackfs if it was not chosen on boot. Smackfs assumes that smack hooks are registered and the initial task security setup (swapper->security) is done. Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r--security/smack/smack_lsm.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 732ba27923c..904bdc01a12 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2424,7 +2424,9 @@ static void smack_release_secctx(char *secdata, u32 seclen)
2424{ 2424{
2425} 2425}
2426 2426
2427static struct security_operations smack_ops = { 2427struct security_operations smack_ops = {
2428 .name = "smack",
2429
2428 .ptrace = smack_ptrace, 2430 .ptrace = smack_ptrace,
2429 .capget = cap_capget, 2431 .capget = cap_capget,
2430 .capset_check = cap_capset_check, 2432 .capset_check = cap_capset_check,
@@ -2557,6 +2559,9 @@ static struct security_operations smack_ops = {
2557 */ 2559 */
2558static __init int smack_init(void) 2560static __init int smack_init(void)
2559{ 2561{
2562 if (!security_module_enable(&smack_ops))
2563 return 0;
2564
2560 printk(KERN_INFO "Smack: Initializing.\n"); 2565 printk(KERN_INFO "Smack: Initializing.\n");
2561 2566
2562 /* 2567 /*