aboutsummaryrefslogtreecommitdiffstats
path: root/security/yama
diff options
context:
space:
mode:
Diffstat (limited to 'security/yama')
-rw-r--r--security/yama/Kconfig8
-rw-r--r--security/yama/yama_lsm.c16
2 files changed, 19 insertions, 5 deletions
diff --git a/security/yama/Kconfig b/security/yama/Kconfig
index 51d6709d8bbd..20ef5143c0c0 100644
--- a/security/yama/Kconfig
+++ b/security/yama/Kconfig
@@ -11,3 +11,11 @@ config SECURITY_YAMA
11 Further information can be found in Documentation/security/Yama.txt. 11 Further information can be found in Documentation/security/Yama.txt.
12 12
13 If you are unsure how to answer this question, answer N. 13 If you are unsure how to answer this question, answer N.
14
15config SECURITY_YAMA_STACKED
16 bool "Yama stacked with other LSMs"
17 depends on SECURITY_YAMA
18 default n
19 help
20 When Yama is built into the kernel, force it to stack with the
21 selected primary LSM.
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 0cc99a3ea42d..b4c29848b49d 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -100,7 +100,7 @@ static void yama_ptracer_del(struct task_struct *tracer,
100 * yama_task_free - check for task_pid to remove from exception list 100 * yama_task_free - check for task_pid to remove from exception list
101 * @task: task being removed 101 * @task: task being removed
102 */ 102 */
103static void yama_task_free(struct task_struct *task) 103void yama_task_free(struct task_struct *task)
104{ 104{
105 yama_ptracer_del(task, task); 105 yama_ptracer_del(task, task);
106} 106}
@@ -116,7 +116,7 @@ static void yama_task_free(struct task_struct *task)
116 * Return 0 on success, -ve on error. -ENOSYS is returned when Yama 116 * Return 0 on success, -ve on error. -ENOSYS is returned when Yama
117 * does not handle the given option. 117 * does not handle the given option.
118 */ 118 */
119static int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3, 119int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
120 unsigned long arg4, unsigned long arg5) 120 unsigned long arg4, unsigned long arg5)
121{ 121{
122 int rc; 122 int rc;
@@ -143,7 +143,7 @@ static int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
143 if (arg2 == 0) { 143 if (arg2 == 0) {
144 yama_ptracer_del(NULL, myself); 144 yama_ptracer_del(NULL, myself);
145 rc = 0; 145 rc = 0;
146 } else if (arg2 == PR_SET_PTRACER_ANY) { 146 } else if (arg2 == PR_SET_PTRACER_ANY || (int)arg2 == -1) {
147 rc = yama_ptracer_add(NULL, myself); 147 rc = yama_ptracer_add(NULL, myself);
148 } else { 148 } else {
149 struct task_struct *tracer; 149 struct task_struct *tracer;
@@ -243,7 +243,7 @@ static int ptracer_exception_found(struct task_struct *tracer,
243 * 243 *
244 * Returns 0 if following the ptrace is allowed, -ve on error. 244 * Returns 0 if following the ptrace is allowed, -ve on error.
245 */ 245 */
246static int yama_ptrace_access_check(struct task_struct *child, 246int yama_ptrace_access_check(struct task_struct *child,
247 unsigned int mode) 247 unsigned int mode)
248{ 248{
249 int rc; 249 int rc;
@@ -293,7 +293,7 @@ static int yama_ptrace_access_check(struct task_struct *child,
293 * 293 *
294 * Returns 0 if following the ptrace is allowed, -ve on error. 294 * Returns 0 if following the ptrace is allowed, -ve on error.
295 */ 295 */
296static int yama_ptrace_traceme(struct task_struct *parent) 296int yama_ptrace_traceme(struct task_struct *parent)
297{ 297{
298 int rc; 298 int rc;
299 299
@@ -324,6 +324,7 @@ static int yama_ptrace_traceme(struct task_struct *parent)
324 return rc; 324 return rc;
325} 325}
326 326
327#ifndef CONFIG_SECURITY_YAMA_STACKED
327static struct security_operations yama_ops = { 328static struct security_operations yama_ops = {
328 .name = "yama", 329 .name = "yama",
329 330
@@ -332,6 +333,7 @@ static struct security_operations yama_ops = {
332 .task_prctl = yama_task_prctl, 333 .task_prctl = yama_task_prctl,
333 .task_free = yama_task_free, 334 .task_free = yama_task_free,
334}; 335};
336#endif
335 337
336#ifdef CONFIG_SYSCTL 338#ifdef CONFIG_SYSCTL
337static int yama_dointvec_minmax(struct ctl_table *table, int write, 339static int yama_dointvec_minmax(struct ctl_table *table, int write,
@@ -378,13 +380,17 @@ static struct ctl_table yama_sysctl_table[] = {
378 380
379static __init int yama_init(void) 381static __init int yama_init(void)
380{ 382{
383#ifndef CONFIG_SECURITY_YAMA_STACKED
381 if (!security_module_enable(&yama_ops)) 384 if (!security_module_enable(&yama_ops))
382 return 0; 385 return 0;
386#endif
383 387
384 printk(KERN_INFO "Yama: becoming mindful.\n"); 388 printk(KERN_INFO "Yama: becoming mindful.\n");
385 389
390#ifndef CONFIG_SECURITY_YAMA_STACKED
386 if (register_security(&yama_ops)) 391 if (register_security(&yama_ops))
387 panic("Yama: kernel registration failed.\n"); 392 panic("Yama: kernel registration failed.\n");
393#endif
388 394
389#ifdef CONFIG_SYSCTL 395#ifdef CONFIG_SYSCTL
390 if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table)) 396 if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))