diff options
author | James Morris <jmorris@namei.org> | 2007-10-17 02:31:32 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-17 11:43:07 -0400 |
commit | 20510f2f4e2dabb0ff6c13901807627ec9452f98 (patch) | |
tree | d64b9eeb90d577f7f9688a215c4c6c3c2405188a /Documentation | |
parent | 5c3b447457789374cdb7b03afe2540d48c649a36 (diff) |
security: Convert LSM into a static interface
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have been unexported, to help reduce API
abuse.
Parameters for the capability and root_plug modules are now specified
at boot.
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
In a nutshell, there is no safe way to unload an LSM. The modular interface
is thus unecessary and broken infrastructure. It is used only by out-of-tree
modules, which are often binary-only, illegal, abusive of the API and
dangerous, e.g. silently re-vectoring SELinux.
[akpm@linux-foundation.org: cleanups]
[akpm@linux-foundation.org: USB Kconfig fix]
[randy.dunlap@oracle.com: fix LSM kernel-doc]
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>
Acked-by: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/DocBook/kernel-api.tmpl | 2 | ||||
-rw-r--r-- | Documentation/kernel-parameters.txt | 17 |
2 files changed, 18 insertions, 1 deletions
diff --git a/Documentation/DocBook/kernel-api.tmpl b/Documentation/DocBook/kernel-api.tmpl index 083258f0eab5..d3290c46af51 100644 --- a/Documentation/DocBook/kernel-api.tmpl +++ b/Documentation/DocBook/kernel-api.tmpl | |||
@@ -340,7 +340,7 @@ X!Earch/x86/kernel/mca_32.c | |||
340 | 340 | ||
341 | <chapter id="security"> | 341 | <chapter id="security"> |
342 | <title>Security Framework</title> | 342 | <title>Security Framework</title> |
343 | !Esecurity/security.c | 343 | !Isecurity/security.c |
344 | </chapter> | 344 | </chapter> |
345 | 345 | ||
346 | <chapter id="audit"> | 346 | <chapter id="audit"> |
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index a0ed205e5351..63bda3637085 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt | |||
@@ -75,10 +75,12 @@ parameter is applicable: | |||
75 | PPT Parallel port support is enabled. | 75 | PPT Parallel port support is enabled. |
76 | PS2 Appropriate PS/2 support is enabled. | 76 | PS2 Appropriate PS/2 support is enabled. |
77 | RAM RAM disk support is enabled. | 77 | RAM RAM disk support is enabled. |
78 | ROOTPLUG The example Root Plug LSM is enabled. | ||
78 | S390 S390 architecture is enabled. | 79 | S390 S390 architecture is enabled. |
79 | SCSI Appropriate SCSI support is enabled. | 80 | SCSI Appropriate SCSI support is enabled. |
80 | A lot of drivers has their options described inside of | 81 | A lot of drivers has their options described inside of |
81 | Documentation/scsi/. | 82 | Documentation/scsi/. |
83 | SECURITY Different security models are enabled. | ||
82 | SELINUX SELinux support is enabled. | 84 | SELINUX SELinux support is enabled. |
83 | SERIAL Serial support is enabled. | 85 | SERIAL Serial support is enabled. |
84 | SH SuperH architecture is enabled. | 86 | SH SuperH architecture is enabled. |
@@ -373,6 +375,12 @@ and is between 256 and 4096 characters. It is defined in the file | |||
373 | possible to determine what the correct size should be. | 375 | possible to determine what the correct size should be. |
374 | This option provides an override for these situations. | 376 | This option provides an override for these situations. |
375 | 377 | ||
378 | capability.disable= | ||
379 | [SECURITY] Disable capabilities. This would normally | ||
380 | be used only if an alternative security model is to be | ||
381 | configured. Potentially dangerous and should only be | ||
382 | used if you are entirely sure of the consequences. | ||
383 | |||
376 | chandev= [HW,NET] Generic channel device initialisation | 384 | chandev= [HW,NET] Generic channel device initialisation |
377 | 385 | ||
378 | checkreqprot [SELINUX] Set initial checkreqprot flag value. | 386 | checkreqprot [SELINUX] Set initial checkreqprot flag value. |
@@ -1539,6 +1547,15 @@ and is between 256 and 4096 characters. It is defined in the file | |||
1539 | Useful for devices that are detected asynchronously | 1547 | Useful for devices that are detected asynchronously |
1540 | (e.g. USB and MMC devices). | 1548 | (e.g. USB and MMC devices). |
1541 | 1549 | ||
1550 | root_plug.vendor_id= | ||
1551 | [ROOTPLUG] Override the default vendor ID | ||
1552 | |||
1553 | root_plug.product_id= | ||
1554 | [ROOTPLUG] Override the default product ID | ||
1555 | |||
1556 | root_plug.debug= | ||
1557 | [ROOTPLUG] Enable debugging output | ||
1558 | |||
1542 | rw [KNL] Mount root device read-write on boot | 1559 | rw [KNL] Mount root device read-write on boot |
1543 | 1560 | ||
1544 | S [KNL] Run init in single mode | 1561 | S [KNL] Run init in single mode |