Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5915eb53 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by James Morris
Browse files

security: remove dummy module 



Remove the dummy module and make the "capability" module the default.

Compile and boot tested.

Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent b478a9f9

security/Kconfig

+1 −9
Original line number Diff line number Diff line
@@ -73,17 +73,9 @@ config SECURITY_NETWORK_XFRM 
	  IPSec.

	  If you are unsure how to answer this question, answer N.



config SECURITY_CAPABILITIES

	bool "Default Linux Capabilities"

	depends on SECURITY

	default y

	help

	  This enables the "default" Linux capabilities functionality.

	  If you are unsure how to answer this question, answer Y.



config SECURITY_FILE_CAPABILITIES

	bool "File POSIX Capabilities (EXPERIMENTAL)"

	depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL

	depends on SECURITY && EXPERIMENTAL

	default n

	help

	  This enables filesystem capabilities, allowing you to give

security/Makefile

+4 −7
Original line number Diff line number Diff line
@@ -6,16 +6,13 @@ obj-$(CONFIG_KEYS) += keys/ 
subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux

subdir-$(CONFIG_SECURITY_SMACK)		+= smack



# if we don't select a security model, use the default capabilities

ifneq ($(CONFIG_SECURITY),y)

# always enable default capabilities

obj-y		+= commoncap.o

endif



# Object file lists

obj-$(CONFIG_SECURITY)			+= security.o dummy.o inode.o

obj-$(CONFIG_SECURITY)			+= security.o capability.o inode.o

# Must precede capability.o in order to stack properly.

obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o

obj-$(CONFIG_SECURITY_SMACK)		+= commoncap.o smack/built-in.o

obj-$(CONFIG_SECURITY_CAPABILITIES)	+= commoncap.o capability.o

obj-$(CONFIG_SECURITY_ROOTPLUG)		+= commoncap.o root_plug.o

obj-$(CONFIG_SECURITY_SMACK)		+= smack/built-in.o

obj-$(CONFIG_SECURITY_ROOTPLUG)		+= root_plug.o

obj-$(CONFIG_CGROUP_DEVICE)		+= device_cgroup.o

security/capability.c

+986 −64

File changed.

Preview size limit exceeded, changes collapsed.

security/dummy.c

deleted100644 → 0
+0 −1250

File deleted.

Preview size limit exceeded, changes collapsed.

security/security.c

+5 −10
Original line number Diff line number Diff line
@@ -20,8 +20,8 @@ 
/* Boot-time LSM user choice */

static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];



/* things that live in dummy.c */

extern struct security_operations dummy_security_ops;

/* things that live in capability.c */

extern struct security_operations default_security_ops;

extern void security_fixup_ops(struct security_operations *ops);



struct security_operations *security_ops;	/* Initialized to NULL */
@@ -57,13 +57,8 @@ int __init security_init(void) 
{

	printk(KERN_INFO "Security Framework initialized\n");



	if (verify(&dummy_security_ops)) {

		printk(KERN_ERR "%s could not verify "

		       "dummy_security_ops structure.\n", __func__);

		return -EIO;

	}



	security_ops = &dummy_security_ops;

	security_fixup_ops(&default_security_ops);

	security_ops = &default_security_ops;

	do_security_initcalls();



	return 0;
@@ -122,7 +117,7 @@ int register_security(struct security_operations *ops) 
		return -EINVAL;

	}



	if (security_ops != &dummy_security_ops)

	if (security_ops != &default_security_ops)

		return -EAGAIN;



	security_ops = ops;