Loading include/linux/lsm_hooks.h +7 −0 Original line number Diff line number Diff line Loading @@ -1921,6 +1921,13 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, } #endif /* CONFIG_SECURITY_SELINUX_DISABLE */ /* Currently required to handle SELinux runtime hook disable. */ #ifdef CONFIG_SECURITY_WRITABLE_HOOKS #define __lsm_ro_after_init #else #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ extern int __init security_module_enable(const char *module); extern void __init capability_add_hooks(void); #ifdef CONFIG_SECURITY_YAMA Loading security/Kconfig +5 −0 Original line number Diff line number Diff line Loading @@ -40,6 +40,11 @@ config SECURITY If you are unsure how to answer this question, answer N. config SECURITY_WRITABLE_HOOKS depends on SECURITY bool default n config SECURITYFS bool "Enable the securityfs filesystem" help Loading security/apparmor/lsm.c +1 −1 Original line number Diff line number Diff line Loading @@ -584,7 +584,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, return error; } static struct security_hook_list apparmor_hooks[] = { static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), LSM_HOOK_INIT(capget, apparmor_capget), Loading security/commoncap.c +1 −1 Original line number Diff line number Diff line Loading @@ -1081,7 +1081,7 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY struct security_hook_list capability_hooks[] = { struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), LSM_HOOK_INIT(ptrace_access_check, cap_ptrace_access_check), Loading security/loadpin/loadpin.c +1 −1 Original line number Diff line number Diff line Loading @@ -174,7 +174,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id) return 0; } static struct security_hook_list loadpin_hooks[] = { static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), }; Loading Loading
include/linux/lsm_hooks.h +7 −0 Original line number Diff line number Diff line Loading @@ -1921,6 +1921,13 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, } #endif /* CONFIG_SECURITY_SELINUX_DISABLE */ /* Currently required to handle SELinux runtime hook disable. */ #ifdef CONFIG_SECURITY_WRITABLE_HOOKS #define __lsm_ro_after_init #else #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ extern int __init security_module_enable(const char *module); extern void __init capability_add_hooks(void); #ifdef CONFIG_SECURITY_YAMA Loading
security/Kconfig +5 −0 Original line number Diff line number Diff line Loading @@ -40,6 +40,11 @@ config SECURITY If you are unsure how to answer this question, answer N. config SECURITY_WRITABLE_HOOKS depends on SECURITY bool default n config SECURITYFS bool "Enable the securityfs filesystem" help Loading
security/apparmor/lsm.c +1 −1 Original line number Diff line number Diff line Loading @@ -584,7 +584,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, return error; } static struct security_hook_list apparmor_hooks[] = { static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), LSM_HOOK_INIT(capget, apparmor_capget), Loading
security/commoncap.c +1 −1 Original line number Diff line number Diff line Loading @@ -1081,7 +1081,7 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY struct security_hook_list capability_hooks[] = { struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(capable, cap_capable), LSM_HOOK_INIT(settime, cap_settime), LSM_HOOK_INIT(ptrace_access_check, cap_ptrace_access_check), Loading
security/loadpin/loadpin.c +1 −1 Original line number Diff line number Diff line Loading @@ -174,7 +174,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id) return 0; } static struct security_hook_list loadpin_hooks[] = { static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security), LSM_HOOK_INIT(kernel_read_file, loadpin_read_file), }; Loading
