Commit 065d78a0603cc6f8d288e96dbf761b96984b634f
Committed by
James Morris
James Morris
1 parent
daa6d83a28
LSM: Fix security_module_enable() error.
We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 1 changed file with 2 additions and 10 deletions Side-by-side Diff
security/security.c
| ... | ... | @@ -89,20 +89,12 @@ |
| 89 | 89 | * Return true if: |
| 90 | 90 | * -The passed LSM is the one chosen by user at boot time, |
| 91 | 91 | * -or the passed LSM is configured as the default and the user did not |
| 92 | - * choose an alternate LSM at boot time, | |
| 93 | - * -or there is no default LSM set and the user didn't specify a | |
| 94 | - * specific LSM and we're the first to ask for registration permission, | |
| 95 | - * -or the passed LSM is currently loaded. | |
| 92 | + * choose an alternate LSM at boot time. | |
| 96 | 93 | * Otherwise, return false. |
| 97 | 94 | */ |
| 98 | 95 | int __init security_module_enable(struct security_operations *ops) |
| 99 | 96 | { |
| 100 | - if (!*chosen_lsm) | |
| 101 | - strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX); | |
| 102 | - else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX)) | |
| 103 | - return 0; | |
| 104 | - | |
| 105 | - return 1; | |
| 97 | + return !strcmp(ops->name, chosen_lsm); | |
| 106 | 98 | } |
| 107 | 99 | |
| 108 | 100 | /** |