Commit 9b8c7c14 authored by Kees Cook's avatar Kees Cook Committed by James Morris

LSM: Provide init debugging infrastructure



Booting with "lsm.debug" will report future details on how LSM ordering
decisions are being made.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Reviewed-by: default avatarJohn Johansen <john.johansen@canonical.com>
Reviewed-by: default avatarJames Morris <james.morris@microsoft.com>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent 07aed2f2
+2 −0
@@ -2274,6 +2274,8 @@
	ltpc=		[NET]
	ltpc=		[NET]
			Format: <io>,<irq>,<dma>
			Format: <io>,<irq>,<dma>


	lsm.debug	[SECURITY] Enable LSM initialization debugging output.

	machvec=	[IA-64] Force the use of a particular machine-vector
	machvec=	[IA-64] Force the use of a particular machine-vector
			(machvec) in a generic kernel.
			(machvec) in a generic kernel.
			Example: machvec=hpzx1_swiotlb
			Example: machvec=hpzx1_swiotlb
+18 −0
@@ -12,6 +12,8 @@
 *	(at your option) any later version.
 *	(at your option) any later version.
 */
 */


#define pr_fmt(fmt) "LSM: " fmt

#include <linux/bpf.h>
#include <linux/bpf.h>
#include <linux/capability.h>
#include <linux/capability.h>
#include <linux/dcache.h>
#include <linux/dcache.h>
@@ -43,11 +45,19 @@ char *lsm_names;
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
	CONFIG_DEFAULT_SECURITY;
	CONFIG_DEFAULT_SECURITY;


static __initdata bool debug;
#define init_debug(...)						\
	do {							\
		if (debug)					\
			pr_info(__VA_ARGS__);			\
	} while (0)

static void __init major_lsm_init(void)
static void __init major_lsm_init(void)
{
{
	struct lsm_info *lsm;
	struct lsm_info *lsm;


	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
		init_debug("initializing %s\n", lsm->name);
		lsm->init();
		lsm->init();
	}
	}
}
}
@@ -91,6 +101,14 @@ static int __init choose_lsm(char *str)
}
}
__setup("security=", choose_lsm);
__setup("security=", choose_lsm);


/* Enable LSM order debugging. */
static int __init enable_debug(char *str)
{
	debug = true;
	return 1;
}
__setup("lsm.debug", enable_debug);

static bool match_last_lsm(const char *list, const char *lsm)
static bool match_last_lsm(const char *list, const char *lsm)
{
{
	const char *last;
	const char *last;
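Review bot: enable_debug() never looks at `str`, so the flag is switched on by any boot parameter that begins with `lsm.debug`; as far as I know `__setup()` matches on the prefix only, which would make `lsm.debug=0` turn the output on rather than off. If that is intended, the comment above the handler should say so, e.g. `/* Enable LSM order debugging; takes no value, anything after "lsm.debug" is ignored. */`; otherwise a non-empty suffix can be rejected with `if (*str) return 0;` before `debug = true;`. Separately, the new `#define pr_fmt(fmt) "LSM: " fmt` at the top of the file presumably prefixes every existing pr_*() message in this file as well, not just the new init_debug() output, which deserves a line in the commit message for anyone matching on boot-log text. The file-scope name `debug` is also very generic; a one-line comment stating that it is only set from the command line and only read during init would help the next reader.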