diff options
author | Kees Cook <keescook@chromium.org> | 2018-10-11 03:18:25 +0300 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2018-10-11 06:40:22 +0300 |
commit | 9b8c7c14059af801637a818882159145c370d6f1 (patch) | |
tree | 4a24ecf885e60add9de71c928ed15ad79f8f0165 /security/security.c | |
parent | 07aed2f2af5a5892ced035dbcf3993f630825fc3 (diff) | |
download | linux-9b8c7c14059af801637a818882159145c370d6f1.tar.xz |
LSM: Provide init debugging infrastructure
Booting with "lsm.debug" will report future details on how LSM ordering
decisions are being made.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c index e74f46fba591..395f804f6a91 100644 --- a/security/security.c +++ b/security/security.c @@ -12,6 +12,8 @@ * (at your option) any later version. */ +#define pr_fmt(fmt) "LSM: " fmt + #include <linux/bpf.h> #include <linux/capability.h> #include <linux/dcache.h> @@ -43,11 +45,19 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initdata bool debug; +#define init_debug(...) \ + do { \ + if (debug) \ + pr_info(__VA_ARGS__); \ + } while (0) + static void __init major_lsm_init(void) { struct lsm_info *lsm; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + init_debug("initializing %s\n", lsm->name); lsm->init(); } } @@ -91,6 +101,14 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); +/* Enable LSM order debugging. */ +static int __init enable_debug(char *str) +{ + debug = true; + return 1; +} +__setup("lsm.debug", enable_debug); + static bool match_last_lsm(const char *list, const char *lsm) { const char *last; |