Commit 065d78a0603cc6f8d288e96dbf761b96984b634f
Committed by
James Morris
1 parent
daa6d83a28
LSM: Fix security_module_enable() error.
We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 1 changed file with 2 additions and 10 deletions Side-by-side Diff
security/security.c
... | ... | @@ -89,20 +89,12 @@ |
89 | 89 | * Return true if: |
90 | 90 | * -The passed LSM is the one chosen by user at boot time, |
91 | 91 | * -or the passed LSM is configured as the default and the user did not |
92 | - * choose an alternate LSM at boot time, | |
93 | - * -or there is no default LSM set and the user didn't specify a | |
94 | - * specific LSM and we're the first to ask for registration permission, | |
95 | - * -or the passed LSM is currently loaded. | |
92 | + * choose an alternate LSM at boot time. | |
96 | 93 | * Otherwise, return false. |
97 | 94 | */ |
98 | 95 | int __init security_module_enable(struct security_operations *ops) |
99 | 96 | { |
100 | - if (!*chosen_lsm) | |
101 | - strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX); | |
102 | - else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX)) | |
103 | - return 0; | |
104 | - | |
105 | - return 1; | |
97 | + return !strcmp(ops->name, chosen_lsm); | |
106 | 98 | } |
107 | 99 | |
108 | 100 | /** |