
Commit 730daa16 authored by Kees Cook, committed by James Morris

Yama: remove needless CONFIG_SECURITY_YAMA_STACKED



Now that minor LSMs can cleanly stack with major LSMs, remove the unneeded
config for Yama to be made to explicitly stack. Just selecting the main
Yama CONFIG will allow it to work, regardless of the major LSM. Since
distros using Yama are already forcing it to stack, this is effectively
a no-op change.

Additionally add MAINTAINERS entry.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
parent fe6c59dc
+4 −6
Yama is a Linux Security Module that collects a number of system-wide DAC
security protections that are not handled by the core kernel itself. To
select it at boot time, specify "security=yama" (though this will disable
any other LSM).

Yama is controlled through sysctl in /proc/sys/kernel/yama:
Yama is a Linux Security Module that collects system-wide DAC security
protections that are not handled by the core kernel itself. This is
selectable at build-time with CONFIG_SECURITY_YAMA, and can be controlled
at run-time through sysctls in /proc/sys/kernel/yama:

- ptrace_scope
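
Review bot: the rewritten introduction drops the "security=yama" boot instruction without saying what replaces it. A reader who currently boots with that parameter cannot tell from the new paragraph that Yama is active whenever CONFIG_SECURITY_YAMA is set, regardless of the major LSM; suggest one added sentence stating that, and that no "security=" argument is needed to enable it.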

+6 −0
@@ -9102,6 +9102,12 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git
S:	Supported
F:	security/apparmor/

YAMA SECURITY MODULE
M:	Kees Cook <keescook@chromium.org>
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git yama/tip
S:	Supported
F:	security/yama/

SENSABLE PHANTOM
M:	Jiri Slaby <jirislaby@gmail.com>
S:	Maintained
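
Review bot: the new entry's F: pattern covers only security/yama/, so the Yama documentation that this same patch edits will not be routed to the maintainer by get_maintainer.pl. Suggest adding an F: line for that documentation file, and consider an L: line so patches reach a mailing list as well as the M: address.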
+0 −1
@@ -320,7 +320,6 @@ CONFIG_KEYS=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_CRYPTO_AUTHENC=y
CONFIG_CRYPTO_HMAC=y
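
Review bot: only this one defconfig drops CONFIG_SECURITY_YAMA_STACKED=y in the visible diff. Since the symbol itself is being removed, the commit message should confirm that a tree-wide search found no other defconfig or source file still referencing CONFIG_SECURITY_YAMA_STACKED, so no stale setting or #ifdef is left testing a symbol that can never be set.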
+4 −2
@@ -1881,8 +1881,10 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,

extern int __init security_module_enable(const char *module);
extern void __init capability_add_hooks(void);
#ifdef CONFIG_SECURITY_YAMA_STACKED
void __init yama_add_hooks(void);
#ifdef CONFIG_SECURITY_YAMA
extern void __init yama_add_hooks(void);
#else
static inline void __init yama_add_hooks(void) { }
#endif

#endif /* ! __LINUX_LSM_HOOKS_H */
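
Review bot: the empty stub in the #else branch only helps if the caller invokes yama_add_hooks() unconditionally, and the call site is not among the visible hunks. Confirm that any "#ifdef CONFIG_SECURITY_YAMA_STACKED" around the call is removed in the same patch; if it is left in place, the call is compiled out once the symbol is gone and the Yama hooks are never registered. A short comment above the declaration saying that the stub exists so callers need no #ifdef would also help.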
+0 −5
@@ -132,7 +132,6 @@ choice
	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
	default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
	default DEFAULT_SECURITY_YAMA if SECURITY_YAMA
	default DEFAULT_SECURITY_DAC

	help
@@ -151,9 +150,6 @@ choice
	config DEFAULT_SECURITY_APPARMOR
		bool "AppArmor" if SECURITY_APPARMOR=y

	config DEFAULT_SECURITY_YAMA
		bool "Yama" if SECURITY_YAMA=y

	config DEFAULT_SECURITY_DAC
		bool "Unix Discretionary Access Controls"

@@ -165,7 +161,6 @@ config DEFAULT_SECURITY
	default "smack" if DEFAULT_SECURITY_SMACK
	default "tomoyo" if DEFAULT_SECURITY_TOMOYO
	default "apparmor" if DEFAULT_SECURITY_APPARMOR
	default "yama" if DEFAULT_SECURITY_YAMA
	default "" if DEFAULT_SECURITY_DAC

endmenu
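
Review bot: removing DEFAULT_SECURITY_YAMA from the choice and the "yama" string from DEFAULT_SECURITY changes the result for any existing .config that had selected it. On the next oldconfig the choice falls through to one of the remaining defaults, ending at DEFAULT_SECURITY_DAC. The commit message describes the change as effectively a no-op for distros that already stack Yama; suggest it also say what happens to configs that had Yama as the default, so the switch is not silent.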