Yama: remove needless CONFIG_SECURITY_YAMA_STACKED
Now that minor LSMs can cleanly stack with major LSMs, remove the unneeded config for Yama to be made to explicitly stack. Just selecting the main Yama CONFIG will allow it to work, regardless of the major LSM. Since distros using Yama are already forcing it to stack, this is effectively a no-op change. Additionally add MAINTAINERS entry. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
Kees Cook
@@ -6,14 +6,7 @@ config SECURITY_YAMA
|
||||
This selects Yama, which extends DAC support with additional
|
||||
system-wide security settings beyond regular Linux discretionary
|
||||
access controls. Currently available is ptrace scope restriction.
|
||||
Like capabilities, this security module stacks with other LSMs.
|
||||
Further information can be found in Documentation/security/Yama.txt.
|
||||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITY_YAMA_STACKED
|
||||
bool "Yama stacked with other LSMs"
|
||||
depends on SECURITY_YAMA
|
||||
default n
|
||||
help
|
||||
When Yama is built into the kernel, force it to stack with the
|
||||
selected primary LSM.
|
||||
|
||||
@@ -353,11 +353,6 @@ static struct security_hook_list yama_hooks[] = {
|
||||
LSM_HOOK_INIT(task_free, yama_task_free),
|
||||
};
|
||||
|
||||
void __init yama_add_hooks(void)
|
||||
{
|
||||
security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SYSCTL
|
||||
static int yama_dointvec_minmax(struct ctl_table *table, int write,
|
||||
void __user *buffer, size_t *lenp, loff_t *ppos)
|
||||
@@ -396,25 +391,18 @@ static struct ctl_table yama_sysctl_table[] = {
|
||||
},
|
||||
{ }
|
||||
};
|
||||
#endif /* CONFIG_SYSCTL */
|
||||
|
||||
static __init int yama_init(void)
|
||||
static void __init yama_init_sysctl(void)
|
||||
{
|
||||
#ifndef CONFIG_SECURITY_YAMA_STACKED
|
||||
/*
|
||||
* If yama is being stacked this is already taken care of.
|
||||
*/
|
||||
if (!security_module_enable("yama"))
|
||||
return 0;
|
||||
#endif
|
||||
pr_info("Yama: becoming mindful.\n");
|
||||
|
||||
#ifdef CONFIG_SYSCTL
|
||||
if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))
|
||||
panic("Yama: sysctl registration failed.\n");
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
static inline void yama_init_sysctl(void) { }
|
||||
#endif /* CONFIG_SYSCTL */
|
||||
|
||||
security_initcall(yama_init);
|
||||
void __init yama_add_hooks(void)
|
||||
{
|
||||
pr_info("Yama: becoming mindful.\n");
|
||||
security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks));
|
||||
yama_init_sysctl();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user