admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

LSM: Lift LSM selection out of individual LSMs

Browse Source 
As a prerequisite to adjusting LSM selection logic in the future, this
moves the selection logic up out of the individual major LSMs, making
their init functions only run when actually enabled. This considers all
LSMs enabled by default unless they specified an external "enable"
variable.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Kees Cook
2018-09-13 23:17:50 -07:00
parent c5459b829b
commit f4941d75b9
6 changed files with 73 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
security/selinux/hooks.c
View File

@@ -6928,16 +6928,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
static __init int selinux_init(void)
{
if (!security_module_enable("selinux")) {
selinux_enabled = 0;
return 0;
}
if (!selinux_enabled) {
pr_info("SELinux: Disabled at boot.\n");
return 0;
}
pr_info("SELinux: Initializing.\n");
memset(&selinux_state, 0, sizeof(selinux_state));