From: James Morris <jmorris@namei.org>
To: Chris Wright <chrisw@sous-sol.org>
Cc: linux-security-module@vger.kernel.org,
"Serge E. Hallyn" <serue@us.ibm.com>,
Andrew Morgan <agm@google.com>, Andrew Morton <akpm@google.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
lkml <linux-kernel@vger.kernel.org>,
Arjan van de Ven <arjan@infradead.org>, Greg KH <greg@kroah.com>,
Eric Paris <eparis@redhat.com>
Subject: [PATCH try #2] security: Convert LSM into a static interface
Date: Mon, 25 Jun 2007 00:33:43 -0400 (EDT) [thread overview]
Message-ID: <Line.LNX.4.64.0706250031350.15974@localhost.localdomain> (raw)
In-Reply-To: <20070624220903.GB3723@sequoia.sous-sol.org>
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have been unexported, to help reduce API
abuse.
Parameters for the capability and root_plug modules are now specified at
boot.
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
Signed-off-by: James Morris <jmorris@namei.org>
---
Changes:
- retain capability.disable kernel param name
Documentation/kernel-parameters.txt | 17 +++++++++++
security/Kconfig | 4 +-
security/capability.c | 24 ----------------
security/commoncap.c | 3 --
security/dummy.c | 1 -
security/root_plug.c | 53 +++++++++++++---------------------
security/security.c | 9 +----
security/selinux/hooks.c | 1 -
security/selinux/xfrm.c | 1 -
9 files changed, 41 insertions(+), 72 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 5d0283c..35e1202 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -74,10 +74,12 @@ parameter is applicable:
PPT Parallel port support is enabled.
PS2 Appropriate PS/2 support is enabled.
RAM RAM disk support is enabled.
+ ROOTPLUG The example Root Plug LSM is enabled.
S390 S390 architecture is enabled.
SCSI Appropriate SCSI support is enabled.
A lot of drivers has their options described inside of
Documentation/scsi/.
+ SECURITY Different security models are enabled.
SELINUX SELinux support is enabled.
SERIAL Serial support is enabled.
SH SuperH architecture is enabled.
@@ -376,6 +378,12 @@ and is between 256 and 4096 characters. It is defined in the file
possible to determine what the correct size should be.
This option provides an override for these situations.
+ capability.disable=
+ [SECURITY] Disable capabilities. This would normally
+ be used only if an alternative security model is to be
+ configured. Potentially dangerous and should only be
+ used if you are entirely sure of the consequences.
+
cdu31a= [HW,CD]
Format: <io>,<irq>[,PAS]
See header of drivers/cdrom/cdu31a.c.
@@ -1541,6 +1549,15 @@ and is between 256 and 4096 characters. It is defined in the file
rootfstype= [KNL] Set root filesystem type
+ root_plug_vendor_id=
+ [ROOTPLUG] Override the default vendor ID
+
+ root_plug_product_id=
+ [ROOTPLUG] Override the default product ID
+
+ root_plug_debug=
+ [ROOTPLUG] Enable debugging output
+
rw [KNL] Mount root device read-write on boot
S [KNL] Run init in single mode
diff --git a/security/Kconfig b/security/Kconfig
index 460e5c9..8ae5490 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -74,14 +74,14 @@ config SECURITY_NETWORK_XFRM
If you are unsure how to answer this question, answer N.
config SECURITY_CAPABILITIES
- tristate "Default Linux Capabilities"
+ bool "Default Linux Capabilities"
depends on SECURITY
help
This enables the "default" Linux capabilities functionality.
If you are unsure how to answer this question, answer Y.
config SECURITY_ROOTPLUG
- tristate "Root Plug Support"
+ bool "Root Plug Support"
depends on USB && SECURITY
help
This is a sample LSM module that should only be used as such.
diff --git a/security/capability.c b/security/capability.c
index 38296a0..fda6a14 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -8,7 +8,6 @@
*
*/
-#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/security.h>
@@ -52,7 +51,6 @@ static int secondary;
static int capability_disable;
module_param_named(disable, capability_disable, int, 0);
-MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");
static int __init capability_init (void)
{
@@ -75,26 +73,4 @@ static int __init capability_init (void)
return 0;
}
-static void __exit capability_exit (void)
-{
- if (capability_disable)
- return;
- /* remove ourselves from the security framework */
- if (secondary) {
- if (mod_unreg_security (KBUILD_MODNAME, &capability_ops))
- printk (KERN_INFO "Failure unregistering capabilities "
- "with primary module.\n");
- return;
- }
-
- if (unregister_security (&capability_ops)) {
- printk (KERN_INFO
- "Failure unregistering capabilities with the kernel\n");
- }
-}
-
security_initcall (capability_init);
-module_exit (capability_exit);
-
-MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
-MODULE_LICENSE("GPL");
diff --git a/security/commoncap.c b/security/commoncap.c
index 384379e..04bd44b 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -339,6 +339,3 @@ EXPORT_SYMBOL(cap_task_post_setuid);
EXPORT_SYMBOL(cap_task_reparent_to_init);
EXPORT_SYMBOL(cap_syslog);
EXPORT_SYMBOL(cap_vm_enough_memory);
-
-MODULE_DESCRIPTION("Standard Linux Common Capabilities Security Module");
-MODULE_LICENSE("GPL");
diff --git a/security/dummy.c b/security/dummy.c
index 8ffd764..6d4e34b 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -15,7 +15,6 @@
#undef DEBUG
#include <linux/capability.h>
-#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/mman.h>
#include <linux/pagemap.h>
diff --git a/security/root_plug.c b/security/root_plug.c
index 38dd4f3..3125e25 100644
--- a/security/root_plug.c
+++ b/security/root_plug.c
@@ -22,7 +22,6 @@
* License.
*/
-#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/security.h>
@@ -33,25 +32,34 @@ static int secondary;
/* default is a generic type of usb to serial converter */
static int vendor_id = 0x0557;
-static int product_id = 0x2008;
-module_param(vendor_id, uint, 0400);
-MODULE_PARM_DESC(vendor_id, "USB Vendor ID of device to look for");
+static int __init root_plug_vendor_id(char *str)
+{
+ vendor_id = simple_strtol(str, NULL, 0);
+ return 1;
+}
+__setup("root_plug_vendor_id=", root_plug_vendor_id);
+
+static int product_id = 0x2008;
-module_param(product_id, uint, 0400);
-MODULE_PARM_DESC(product_id, "USB Product ID of device to look for");
+static int __init root_plug_product_id(char *str)
+{
+ product_id = simple_strtol(str, NULL, 0);
+ return 1;
+}
+__setup("root_plug_product_id=", root_plug_product_id);
/* should we print out debug messages */
static int debug = 0;
-module_param(debug, bool, 0600);
-MODULE_PARM_DESC(debug, "Debug enabled or not");
+static int __init root_plug_debug(char *str)
+{
+ debug = simple_strtol(str, NULL, 0);
+ return 1;
+}
+__setup("root_plug_debug=", root_plug_debug);
-#if defined(CONFIG_SECURITY_ROOTPLUG_MODULE)
-#define MY_NAME THIS_MODULE->name
-#else
#define MY_NAME "root_plug"
-#endif
#define root_dbg(fmt, arg...) \
do { \
@@ -117,25 +125,4 @@ static int __init rootplug_init (void)
return 0;
}
-static void __exit rootplug_exit (void)
-{
- /* remove ourselves from the security framework */
- if (secondary) {
- if (mod_unreg_security (MY_NAME, &rootplug_security_ops))
- printk (KERN_INFO "Failure unregistering Root Plug "
- " module with primary module.\n");
- } else {
- if (unregister_security (&rootplug_security_ops)) {
- printk (KERN_INFO "Failure unregistering Root Plug "
- "module with the kernel\n");
- }
- }
- printk (KERN_INFO "Root Plug module removed\n");
-}
-
security_initcall (rootplug_init);
-module_exit (rootplug_exit);
-
-MODULE_DESCRIPTION("Root Plug sample LSM module, written for Linux Journal article");
-MODULE_LICENSE("GPL");
-
diff --git a/security/security.c b/security/security.c
index fc8601b..e49dae2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -17,7 +17,6 @@
#include <linux/kernel.h>
#include <linux/security.h>
-#define SECURITY_FRAMEWORK_VERSION "1.0.0"
/* things that live in dummy.c */
extern struct security_operations dummy_security_ops;
@@ -51,8 +50,7 @@ static void __init do_security_initcalls(void)
*/
int __init security_init(void)
{
- printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
- " initialized\n");
+ printk(KERN_INFO "Security Framework initialized\n");
if (verify(&dummy_security_ops)) {
printk(KERN_ERR "%s could not verify "
@@ -172,8 +170,5 @@ int mod_unreg_security(const char *name, struct security_operations *ops)
return security_ops->unregister_security(name, ops);
}
-EXPORT_SYMBOL_GPL(register_security);
-EXPORT_SYMBOL_GPL(unregister_security);
-EXPORT_SYMBOL_GPL(mod_reg_security);
-EXPORT_SYMBOL_GPL(mod_unreg_security);
+/* Export required for modular use of security.h inlines */
EXPORT_SYMBOL(security_ops);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ad8dd4e..105319a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -20,7 +20,6 @@
* as published by the Free Software Foundation.
*/
-#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/ptrace.h>
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index bd8d1ef..b589238 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -31,7 +31,6 @@
* 2. Emulating a reasonable SO_PEERSEC across machines
* 3. Testing addition of sk_policy's with security context via setsockopt
*/
-#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/security.h>
--
1.5.2.1
next prev parent reply other threads:[~2007-06-25 4:33 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20070611123714.GA2063@sergelap.austin.ibm.com>
[not found] ` <878322.98602.qm@web36606.mail.mud.yahoo.com>
[not found] ` <afff21250706110926l244ddc28i44289cb08a6721e2@mail.gmail.com>
[not found] ` <20070617135239.GA17689@sergelap>
[not found] ` <4676007F.7060503@kernel.org>
[not found] ` <20070618044017.GW3723@sequoia.sous-sol.org>
[not found] ` <20070620171037.GA28670@sergelap.ibm.com>
[not found] ` <20070620174613.GF3723@sequoia.sous-sol.org>
2007-06-21 16:00 ` implement-file-posix-capabilities.patch Serge E. Hallyn
2007-06-23 8:13 ` implement-file-posix-capabilities.patch Andrew Morgan
2007-06-24 15:51 ` implement-file-posix-capabilities.patch Serge E. Hallyn
2007-06-24 16:18 ` implement-file-posix-capabilities.patch James Morris
2007-06-24 20:58 ` [PATCH][RFC] security: Convert LSM into a static interface James Morris
2007-06-24 22:09 ` Chris Wright
2007-06-24 22:37 ` James Morris
2007-06-25 1:38 ` Chris Wright
2007-06-24 23:40 ` Casey Schaufler
2007-06-25 1:39 ` Chris Wright
2007-06-25 3:37 ` Casey Schaufler
2007-06-25 3:57 ` Chris Wright
2007-06-25 13:02 ` Casey Schaufler
2007-06-25 14:24 ` Roberto De Ioris
2007-06-25 4:33 ` James Morris [this message]
2007-06-25 4:48 ` [PATCH try #2] " Petr Vandrovec
2007-06-25 4:58 ` James Morris
2007-06-25 16:59 ` Stephen Smalley
2007-06-25 23:56 ` [PATCH try #3] " James Morris
2007-06-25 20:37 ` [PATCH try #2] " Andreas Gruenbacher
2007-06-25 21:14 ` James Morris
2007-06-26 3:57 ` Serge E. Hallyn
2007-06-26 13:15 ` Adrian Bunk
2007-06-26 14:06 ` Serge E. Hallyn
2007-06-26 14:59 ` Adrian Bunk
2007-06-26 15:53 ` Serge E. Hallyn
2007-06-26 18:52 ` Adrian Bunk
2007-06-26 18:18 ` Greg KH
2007-06-26 18:40 ` Serge E. Hallyn
2007-06-26 4:09 ` Kyle Moffett
2007-06-26 4:25 ` Kyle Moffett
2007-06-26 13:47 ` Serge E. Hallyn
2007-06-27 0:07 ` Kyle Moffett
2007-06-27 0:57 ` Crispin Cowan
2007-06-27 1:22 ` Kyle Moffett
2007-06-27 4:24 ` Chris Wright
2007-06-27 13:41 ` Serge E. Hallyn
2007-06-27 14:36 ` James Morris
2007-06-27 17:21 ` Serge E. Hallyn
2007-06-27 18:51 ` Serge E. Hallyn
2007-06-27 19:28 ` James Morris
2007-06-28 2:48 ` Serge E. Hallyn
2007-06-25 3:57 ` [PATCH][RFC] " Serge E. Hallyn
2007-06-25 4:10 ` Chris Wright
2007-06-25 4:54 ` Serge E. Hallyn
2007-06-25 13:50 ` Casey Schaufler
2007-06-25 13:54 ` James Morris
2007-06-25 14:32 ` Serge E. Hallyn
2007-06-25 15:08 ` Casey Schaufler
2007-06-27 5:00 ` implement-file-posix-capabilities.patch Andrew Morgan
2007-06-27 13:16 ` implement-file-posix-capabilities.patch Serge E. Hallyn
2007-06-28 6:19 ` implement-file-posix-capabilities.patch Andrew Morgan
2007-06-28 13:36 ` implement-file-posix-capabilities.patch Serge E. Hallyn
2007-06-28 15:14 ` implement-file-posix-capabilities.patch Casey Schaufler
2007-06-28 15:38 ` implement-file-posix-capabilities.patch Serge E. Hallyn
2007-06-28 15:56 ` implement-file-posix-capabilities.patch Casey Schaufler
2007-06-29 5:30 ` implement-file-posix-capabilities.patch Andrew Morgan
2007-06-29 13:24 ` implement-file-posix-capabilities.patch Serge E. Hallyn
2007-06-29 14:46 ` implement-file-posix-capabilities.patch Casey Schaufler
2007-06-28 15:50 ` implement-file-posix-capabilities.patch Andrew Morgan
2007-07-02 14:38 ` implement-file-posix-capabilities.patch Serge E. Hallyn
2007-07-04 21:29 ` implement-file-posix-capabilities.patch Andrew Morgan
2007-07-04 23:00 ` implement-file-posix-capabilities.patch Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Line.LNX.4.64.0706250031350.15974@localhost.localdomain \
--to=jmorris@namei.org \
--cc=agm@google.com \
--cc=akpm@google.com \
--cc=arjan@infradead.org \
--cc=chrisw@sous-sol.org \
--cc=eparis@redhat.com \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).