security: remove dummy module
Remove the dummy module and make the "capability" module the default. Compile and boot tested. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
b478a9f988
commit
5915eb5386
5 changed files with 998 additions and 1342 deletions
|
@ -73,17 +73,9 @@ config SECURITY_NETWORK_XFRM
|
|||
IPSec.
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITY_CAPABILITIES
|
||||
bool "Default Linux Capabilities"
|
||||
depends on SECURITY
|
||||
default y
|
||||
help
|
||||
This enables the "default" Linux capabilities functionality.
|
||||
If you are unsure how to answer this question, answer Y.
|
||||
|
||||
config SECURITY_FILE_CAPABILITIES
|
||||
bool "File POSIX Capabilities (EXPERIMENTAL)"
|
||||
depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL
|
||||
depends on SECURITY && EXPERIMENTAL
|
||||
default n
|
||||
help
|
||||
This enables filesystem capabilities, allowing you to give
|
||||
|
|
|
@ -6,16 +6,13 @@ obj-$(CONFIG_KEYS) += keys/
|
|||
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
|
||||
subdir-$(CONFIG_SECURITY_SMACK) += smack
|
||||
|
||||
# if we don't select a security model, use the default capabilities
|
||||
ifneq ($(CONFIG_SECURITY),y)
|
||||
# always enable default capabilities
|
||||
obj-y += commoncap.o
|
||||
endif
|
||||
|
||||
# Object file lists
|
||||
obj-$(CONFIG_SECURITY) += security.o dummy.o inode.o
|
||||
obj-$(CONFIG_SECURITY) += security.o capability.o inode.o
|
||||
# Must precede capability.o in order to stack properly.
|
||||
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
|
||||
obj-$(CONFIG_SECURITY_SMACK) += commoncap.o smack/built-in.o
|
||||
obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o
|
||||
obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o
|
||||
obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
|
||||
obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
|
||||
obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
|
||||
|
|
File diff suppressed because it is too large
Load diff
1250
security/dummy.c
1250
security/dummy.c
File diff suppressed because it is too large
Load diff
|
@ -20,8 +20,8 @@
|
|||
/* Boot-time LSM user choice */
|
||||
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
|
||||
|
||||
/* things that live in dummy.c */
|
||||
extern struct security_operations dummy_security_ops;
|
||||
/* things that live in capability.c */
|
||||
extern struct security_operations default_security_ops;
|
||||
extern void security_fixup_ops(struct security_operations *ops);
|
||||
|
||||
struct security_operations *security_ops; /* Initialized to NULL */
|
||||
|
@ -57,13 +57,8 @@ int __init security_init(void)
|
|||
{
|
||||
printk(KERN_INFO "Security Framework initialized\n");
|
||||
|
||||
if (verify(&dummy_security_ops)) {
|
||||
printk(KERN_ERR "%s could not verify "
|
||||
"dummy_security_ops structure.\n", __func__);
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
security_ops = &dummy_security_ops;
|
||||
security_fixup_ops(&default_security_ops);
|
||||
security_ops = &default_security_ops;
|
||||
do_security_initcalls();
|
||||
|
||||
return 0;
|
||||
|
@ -122,7 +117,7 @@ int register_security(struct security_operations *ops)
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (security_ops != &dummy_security_ops)
|
||||
if (security_ops != &default_security_ops)
|
||||
return -EAGAIN;
|
||||
|
||||
security_ops = ops;
|
||||
|
|
Loading…
Reference in a new issue