LSM: Separate idea of "major" LSM from "exclusive" LSM

In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
author: Kees Cook <keescook@chromium.org> 2018-09-20 05:57:06 +0300
committer: Kees Cook <keescook@chromium.org> 2019-01-09 00:18:43 +0300
commit: 14bd99c821f7ace0e8110a1bfdfaa27e1788e20f (patch)
tree: a5feee1ff6b832eaffef89d1bde995e0574723e2 /security/selinux
parent: 7e611486d905f435faf80969deed68a615019e6b (diff)
download: linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0f8ae2fbd14a..49865f119b16 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6989,7 +6989,7 @@ void selinux_complete_init(void)
    all processes and objects when they are created. */
 DEFINE_LSM(selinux) = {
 	.name = "selinux",
-	.flags = LSM_FLAG_LEGACY_MAJOR,
+	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
 	.enabled = &selinux_enabled,
 	.init = selinux_init,
 };
author	Kees Cook <keescook@chromium.org>	2018-09-20 05:57:06 +0300
committer	Kees Cook <keescook@chromium.org>	2019-01-09 00:18:43 +0300
commit	14bd99c821f7ace0e8110a1bfdfaa27e1788e20f (patch)
tree	a5feee1ff6b832eaffef89d1bde995e0574723e2 /security/selinux
parent	7e611486d905f435faf80969deed68a615019e6b (diff)
download	linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.tar.xz