Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: fix up documentation for security_module_enable Security: Introduce security= boot parameter Audit: Final renamings and cleanup SELinux: use new audit hooks, remove redundant exports Audit: internally use the new LSM audit hooks LSM/Audit: Introduce generic Audit LSM hooks SELinux: remove redundant exports Netlink: Use generic LSM hook Audit: use new LSM hooks instead of SELinux exports SELinux: setup new inode/ipc getsecid hooks LSM: Introduce inode_getsecid and ipc_getsecid hooks
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-18 21:18:30 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-18 21:18:30 -0400
commit: 3925e6fc1f774048404fdd910b0345b06c699eb4 (patch)
tree: c9a58417d9492f39f7fe81d4721d674c34dd8be2 /security/smack
parent: 334d094504c2fe1c44211ecb49146ae6bca8c321 (diff)
parent: 7cea51be4e91edad05bd834f3235b45c57783f0d (diff)
3 files changed, 18 insertions, 2 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 62c1e982849d..4a4477f5afdc 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -15,6 +15,7 @@
 #include <linux/capability.h>
 #include <linux/spinlock.h>
+#include <linux/security.h>
 #include <net/netlabel.h>
 /*
@@ -187,6 +188,7 @@ extern struct smack_known smack_known_star;
 extern struct smack_known smack_known_unset;
 extern struct smk_list_entry *smack_list;
+extern struct security_operations smack_ops;
 /*
 * Stricly for CIPSO level manipulation.
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index e2d6f7cd9254..93f5b0ce662a 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2424,7 +2424,9 @@ static void smack_release_secctx(char *secdata, u32 seclen)
 {
 }
-static struct security_operations smack_ops = {
+struct security_operations smack_ops = {
+        .name =                         "smack",
        .ptrace =                       smack_ptrace,
        .capget =                       cap_capget,
        .capset_check =                 cap_capset_check,
@@ -2557,6 +2559,9 @@ static struct security_operations smack_ops = {
 */
 static __init int smack_init(void)
 {
+        if (!security_module_enable(&smack_ops))
+                return 0;
        printk(KERN_INFO "Smack:  Initializing.\n");
        /*
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index cfae8afcc262..6ba283783b70 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -965,12 +965,21 @@ static struct vfsmount *smackfs_mount;
 *
 * register the smackfs
 *
- * Returns 0 unless the registration fails.
+ * Do not register smackfs if Smack wasn't enabled
+ * on boot. We can not put this method normally under the
+ * smack_init() code path since the security subsystem get
+ * initialized before the vfs caches.
+ *
+ * Returns true if we were not chosen on boot or if
+ * we were chosen and filesystem registration succeeded.
 */
 static int __init init_smk_fs(void)
 {
        int err;
+        if (!security_module_enable(&smack_ops))
+                return 0;
        err = register_filesystem(&smk_fs_type);
        if (!err) {
                smackfs_mount = kern_mount(&smk_fs_type);
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-18 21:18:30 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-18 21:18:30 -0400
commit	3925e6fc1f774048404fdd910b0345b06c699eb4 (patch)
tree	c9a58417d9492f39f7fe81d4721d674c34dd8be2 /security/smack
parent	334d094504c2fe1c44211ecb49146ae6bca8c321 (diff)
parent	7cea51be4e91edad05bd834f3235b45c57783f0d (diff)