From: Casey Schaufler <casey@schaufler-ca.com>
To: LSM <linux-security-module@vger.kernel.org>,
LKLM <linux-kernel@vger.kernel.org>,
SE Linux <selinux@tycho.nsa.gov>,
James Morris <jmorris@namei.org>
Cc: John Johansen <john.johansen@canonical.com>,
Eric Paris <eparis@redhat.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Kees Cook <keescook@chromium.org>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: [PATCH v13 7/9] LSM: remove Yama special case stacking
Date: Tue, 23 Apr 2013 09:04:46 -0700
Message-ID: <5176B11E.6010908@schaufler-ca.com>
In-Reply-To: <5176ABB7.5080300@schaufler-ca.com>
Remove the special case stacking for Yama.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
security/security.c | 21 ---------------------
security/yama/Kconfig | 8 --------
security/yama/yama_lsm.c | 19 -------------------
3 files changed, 48 deletions(-)
diff --git a/security/security.c b/security/security.c
index d0b768c..67e435b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -138,23 +138,11 @@ int __init register_security(struct security_operations *ops)
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
-#ifdef CONFIG_SECURITY_YAMA_STACKED
- int rc;
- rc = yama_ptrace_access_check(child, mode);
- if (rc)
- return rc;
-#endif
return security_ops->ptrace_access_check(child, mode);
}
int security_ptrace_traceme(struct task_struct *parent)
{
-#ifdef CONFIG_SECURITY_YAMA_STACKED
- int rc;
- rc = yama_ptrace_traceme(parent);
- if (rc)
- return rc;
-#endif
return security_ops->ptrace_traceme(parent);
}
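Review bot: in security_ptrace_access_check() and security_ptrace_traceme(), the removed blocks made any nonzero Yama result final before security_ops was consulted (`if (rc) return rc;`), and the one-line commit message does not say where that deny-first ordering is re-established. Please name the patch in this series that takes over the Yama ptrace checks and state whether a Yama denial still short-circuits the primary module. Also, security.c called yama_ptrace_access_check() and yama_ptrace_traceme() directly, so their prototypes must be visible from a header; the diffstat lists no header, so those declarations look left behind and should be removed or the reason for keeping them noted.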
@@ -783,9 +771,6 @@ int security_task_create(unsigned long clone_flags)
void security_task_free(struct task_struct *task)
{
-#ifdef CONFIG_SECURITY_YAMA_STACKED
- yama_task_free(task);
-#endif
security_ops->task_free(task);
}
@@ -911,12 +896,6 @@ int security_task_wait(struct task_struct *p)
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
-#ifdef CONFIG_SECURITY_YAMA_STACKED
- int rc;
- rc = yama_task_prctl(option, arg2, arg3, arg4, arg5);
- if (rc != -ENOSYS)
- return rc;
-#endif
return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
}
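Review bot: security_task_prctl() loses the `if (rc != -ENOSYS) return rc;` test, which treated -ENOSYS from yama_task_prctl() as "not handled" and only then fell through to security_ops->task_prctl(). That is a different combining rule from the ptrace hooks earlier in this file, where any nonzero value won, so whatever replaces the special case needs the same sentinel handling for prctl. A comment above security_task_prctl() or a sentence in the commit message recording the -ENOSYS convention would keep it from being lost.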
diff --git a/security/yama/Kconfig b/security/yama/Kconfig
index 20ef514..51d6709 100644
--- a/security/yama/Kconfig
+++ b/security/yama/Kconfig
@@ -11,11 +11,3 @@ config SECURITY_YAMA
Further information can be found in Documentation/security/Yama.txt.
If you are unsure how to answer this question, answer N.
-
-config SECURITY_YAMA_STACKED
- bool "Yama stacked with other LSMs"
- depends on SECURITY_YAMA
- default n
- help
- When Yama is built into the kernel, force it to stack with the
- selected primary LSM.
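Review bot: dropping `config SECURITY_YAMA_STACKED` means an existing .config carrying CONFIG_SECURITY_YAMA_STACKED=y loses the symbol silently at the next oldconfig, with no prompt pointing at a replacement. The remaining SECURITY_YAMA help text still refers readers to Documentation/security/Yama.txt, so the commit message should say how a build that used the stacked option gets the same behaviour after this series, and that document should be updated if it mentions the option.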
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 13c88fbc..63ad9bb 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -364,16 +364,6 @@ int yama_ptrace_traceme(struct task_struct *parent)
return rc;
}
-#ifndef CONFIG_SECURITY_YAMA_STACKED
-static struct security_operations yama_ops = {
- .name = "yama",
-
- .ptrace_access_check = yama_ptrace_access_check,
- .ptrace_traceme = yama_ptrace_traceme,
- .task_prctl = yama_task_prctl,
- .task_free = yama_task_free,
-};
-#endif
#ifdef CONFIG_SYSCTL
static int yama_dointvec_minmax(struct ctl_table *table, int write,
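Review bot: the hunk deletes `static struct security_operations yama_ops` outright instead of dropping only the `#ifndef CONFIG_SECURITY_YAMA_STACKED` / `#endif` pair around it. Together with the direct calls removed from security/security.c, that leaves yama_ptrace_access_check(), yama_ptrace_traceme(), yama_task_prctl() and yama_task_free() with no reference anywhere in this patch, so a tree checked out at this commit builds Yama but never reaches its hooks. Keeping the table unconditional here, or folding this patch into the one that introduces the new registration, would avoid that window during bisection.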
@@ -420,18 +410,9 @@ static struct ctl_table yama_sysctl_table[] = {
static __init int yama_init(void)
{
-#ifndef CONFIG_SECURITY_YAMA_STACKED
- if (!security_module_enable(&yama_ops))
- return 0;
-#endif
printk(KERN_INFO "Yama: becoming mindful.\n");
-#ifndef CONFIG_SECURITY_YAMA_STACKED
- if (register_security(&yama_ops))
- panic("Yama: kernel registration failed.\n");
-#endif
-
#ifdef CONFIG_SYSCTL
if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))
panic("Yama: sysctl registration failed.\n");
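Review bot: after this change yama_init() calls neither security_module_enable() nor register_security(), yet it still prints "Yama: becoming mindful." and registers the sysctl table unconditionally. On a kernel built at this commit the boot log and the sysctl entries advertise Yama as active while nothing in the patch attaches its hooks, which is misleading for anyone auditing ptrace restrictions from boot logs. Either move the printk and register_sysctl_paths() behind the new registration step, or say in the commit message which patch in the series supplies it.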