security: Convert LSM into a static interface (20510f2f) · Commits · 戴 / test

Documentation/DocBook/kernel-api.tmpl

+1 −1

Original line number	Diff line number	Diff line
		@@ -340,7 +340,7 @@ X!Earch/x86/kernel/mca_32.c

		<chapter id="security">
		<title>Security Framework</title>
		!Esecurity/security.c
		!Isecurity/security.c
		</chapter>

		<chapter id="audit">

+17 −0

Original line number	Diff line number	Diff line
		@@ -75,10 +75,12 @@ parameter is applicable:
		PPT Parallel port support is enabled.
		PS2 Appropriate PS/2 support is enabled.
		RAM RAM disk support is enabled.
		ROOTPLUG The example Root Plug LSM is enabled.
		S390 S390 architecture is enabled.
		SCSI Appropriate SCSI support is enabled.
		A lot of drivers has their options described inside of
		Documentation/scsi/.
		SECURITY Different security models are enabled.
		SELINUX SELinux support is enabled.
		SERIAL Serial support is enabled.
		SH SuperH architecture is enabled.
		@@ -373,6 +375,12 @@ and is between 256 and 4096 characters. It is defined in the file
		possible to determine what the correct size should be.
		This option provides an override for these situations.

		capability.disable=
		[SECURITY] Disable capabilities. This would normally
		be used only if an alternative security model is to be
		configured. Potentially dangerous and should only be
		used if you are entirely sure of the consequences.

		chandev= [HW,NET] Generic channel device initialisation

		checkreqprot [SELINUX] Set initial checkreqprot flag value.
		@@ -1539,6 +1547,15 @@ and is between 256 and 4096 characters. It is defined in the file
		Useful for devices that are detected asynchronously
		(e.g. USB and MMC devices).

		root_plug.vendor_id=
		[ROOTPLUG] Override the default vendor ID

		root_plug.product_id=
		[ROOTPLUG] Override the default product ID

		root_plug.debug=
		[ROOTPLUG] Enable debugging output

		rw [KNL] Mount root device read-write on boot

		S [KNL] Run init in single mode

+206 −984

File changed.

Preview size limit exceeded, changes collapsed.

+3 −3

Original line number	Diff line number	Diff line
		@@ -74,15 +74,15 @@ config SECURITY_NETWORK_XFRM
		If you are unsure how to answer this question, answer N.

		config SECURITY_CAPABILITIES
		tristate "Default Linux Capabilities"
		bool "Default Linux Capabilities"
		depends on SECURITY
		help
		This enables the "default" Linux capabilities functionality.
		If you are unsure how to answer this question, answer Y.

		config SECURITY_ROOTPLUG
		tristate "Root Plug Support"
		depends on USB && SECURITY
		bool "Root Plug Support"
		depends on USB=y && SECURITY
		help
		This is a sample LSM module that should only be used as such.
		It prevents any programs running with egid == 0 if a specific

+0 −24

Original line number	Diff line number	Diff line
		@@ -8,7 +8,6 @@
		*
		*/

		#include <linux/module.h>
		#include <linux/init.h>
		#include <linux/kernel.h>
		#include <linux/security.h>
		@@ -52,7 +51,6 @@ static int secondary;

		static int capability_disable;
		module_param_named(disable, capability_disable, int, 0);
		MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");

		static int __init capability_init (void)
		{
		@@ -75,26 +73,4 @@ static int __init capability_init (void)
		return 0;
		}

		static void __exit capability_exit (void)
		{
		if (capability_disable)
		return;
		/* remove ourselves from the security framework */
		if (secondary) {
		if (mod_unreg_security (KBUILD_MODNAME, &capability_ops))
		printk (KERN_INFO "Failure unregistering capabilities "
		"with primary module.\n");
		return;
		}

		if (unregister_security (&capability_ops)) {
		printk (KERN_INFO
		"Failure unregistering capabilities with the kernel\n");
		}
		}

		security_initcall (capability_init);
		module_exit (capability_exit);

		MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
		MODULE_LICENSE("GPL");