aboutsummaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2012-09-04 16:32:13 -0400
committerJames Morris <james.l.morris@oracle.com>2012-09-05 17:12:31 -0400
commitc6993e4ac002c92bc75379212e9179c36d4bf7ee (patch)
treecdb4c800ea3cf4003b07087166cc767dab79032f /security/security.c
parent81198078d7da4240f3cbfc2c6a8ea6cd417f51a7 (diff)
security: allow Yama to be unconditionally stacked
Unconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected, no matter what LSM module is primary. Ubuntu and Chrome OS already carry patches to do this, and Fedora has voiced interest in doing this as well. Instead of having multiple distributions (or LSM authors) carrying these patches, just allow Yama to be called unconditionally when selected by the new CONFIG. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 860aeb349cb3..68c1b9b45d93 100644
--- a/security/security.c
+++ b/security/security.c
@@ -136,11 +136,23 @@ int __init register_security(struct security_operations *ops)
136 136
137int security_ptrace_access_check(struct task_struct *child, unsigned int mode) 137int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
138{ 138{
139#ifdef CONFIG_SECURITY_YAMA_STACKED
140 int rc;
141 rc = yama_ptrace_access_check(child, mode);
142 if (rc)
143 return rc;
144#endif
139 return security_ops->ptrace_access_check(child, mode); 145 return security_ops->ptrace_access_check(child, mode);
140} 146}
141 147
142int security_ptrace_traceme(struct task_struct *parent) 148int security_ptrace_traceme(struct task_struct *parent)
143{ 149{
150#ifdef CONFIG_SECURITY_YAMA_STACKED
151 int rc;
152 rc = yama_ptrace_traceme(parent);
153 if (rc)
154 return rc;
155#endif
144 return security_ops->ptrace_traceme(parent); 156 return security_ops->ptrace_traceme(parent);
145} 157}
146 158
@@ -761,6 +773,9 @@ int security_task_create(unsigned long clone_flags)
761 773
762void security_task_free(struct task_struct *task) 774void security_task_free(struct task_struct *task)
763{ 775{
776#ifdef CONFIG_SECURITY_YAMA_STACKED
777 yama_task_free(task);
778#endif
764 security_ops->task_free(task); 779 security_ops->task_free(task);
765} 780}
766 781
@@ -876,6 +891,12 @@ int security_task_wait(struct task_struct *p)
876int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 891int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
877 unsigned long arg4, unsigned long arg5) 892 unsigned long arg4, unsigned long arg5)
878{ 893{
894#ifdef CONFIG_SECURITY_YAMA_STACKED
895 int rc;
896 rc = yama_task_prctl(option, arg2, arg3, arg4, arg5);
897 if (rc != -ENOSYS)
898 return rc;
899#endif
879 return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); 900 return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
880} 901}
881 902