LSM: Fix security_module_enable() error.
We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
daa6d83a28
commit
065d78a060
@ -89,20 +89,12 @@ __setup("security=", choose_lsm);
|
||||
* Return true if:
|
||||
* -The passed LSM is the one chosen by user at boot time,
|
||||
* -or the passed LSM is configured as the default and the user did not
|
||||
* choose an alternate LSM at boot time,
|
||||
* -or there is no default LSM set and the user didn't specify a
|
||||
* specific LSM and we're the first to ask for registration permission,
|
||||
* -or the passed LSM is currently loaded.
|
||||
* choose an alternate LSM at boot time.
|
||||
* Otherwise, return false.
|
||||
*/
|
||||
int __init security_module_enable(struct security_operations *ops)
|
||||
{
|
||||
if (!*chosen_lsm)
|
||||
strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX);
|
||||
else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
return !strcmp(ops->name, chosen_lsm);
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user