lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

LSM: Fix security_module_enable() error.

Browse Source 
We can set default LSM module to DAC (which means "enable no LSM module").
If default LSM module was set to DAC, security_module_enable() must return 0
unless overridden via boot time parameter.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Tetsuo Handa
2010-08-28 14:58:44 +09:00
committed by James Morris
parent daa6d83a28
commit 065d78a060
1 changed files with 2 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
security/security.c
View File

@@ -89,20 +89,12 @@ __setup("security=", choose_lsm);
* Return true if: * Return true if:
* -The passed LSM is the one chosen by user at boot time, * -The passed LSM is the one chosen by user at boot time,
* -or the passed LSM is configured as the default and the user did not * -or the passed LSM is configured as the default and the user did not
* choose an alternate LSM at boot time, * choose an alternate LSM at boot time.
* -or there is no default LSM set and the user didn't specify a
* specific LSM and we're the first to ask for registration permission,
* -or the passed LSM is currently loaded.
* Otherwise, return false. * Otherwise, return false.
*/ */
int __init security_module_enable(struct security_operations *ops) int __init security_module_enable(struct security_operations *ops)
{ {
if (!*chosen_lsm) return !strcmp(ops->name, chosen_lsm);
strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX);
else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX))
return 0;
return 1;
} }
/** /**