git.baikalelectronics.ru Git - kernel.git/commit

author	Ahmed S. Darwish <darwish.07@gmail.com>
	Thu, 6 Mar 2008 16:09:10 +0000 (18:09 +0200)
committer	James Morris <jmorris@namei.org>
	Sat, 19 Apr 2008 00:00:51 +0000 (10:00 +1000)
commit	7b7d7e07388c87c702c45a07fcb49c0d56c8b59e
tree	5e8f05cab20a49922618bb3af697a6b46e610eee	tree \| snapshot
parent	8827355b73f8a9e5a99baeb168b247c998de501f	commit \| diff

Security: Introduce security= boot parameter

Add the security= boot parameter. This is done to avoid LSM
registration clashes in case of more than one bult-in module.

User can choose a security module to enable at boot. If no
security= boot parameter is specified, only the first LSM
asking for registration will be loaded. An invalid security
module name will be treated as if no module has been chosen.

LSM modules must check now if they are allowed to register
by calling security_module_enable(ops) first. Modify SELinux
and SMACK to do so.

Do not let SMACK register smackfs if it was not chosen on
boot. Smackfs assumes that smack hooks are registered and
the initial task security setup (swapper->security) is done.

Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>

Documentation/kernel-parameters.txt		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
security/dummy.c		diff \| blob \| history
security/security.c		diff \| blob \| history
security/selinux/hooks.c		diff \| blob \| history
security/smack/smack.h		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history
security/smack/smackfs.c		diff \| blob \| history