security: introduce CONFIG_SECURITY_WRITABLE_HOOKS - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	James Morris <jmorris@namei.org>	2017-02-14 16:17:24 +0300
committer	James Morris <james.l.morris@oracle.com>	2017-03-06 03:00:12 +0300
commit	dd0859dccbe291cf8179a96390f5c0e45cb9af1d (patch)
tree	e7a2b67dfdb2beaa07d42a314eb142289599d381 /security/yama/yama_lsm.c
parent	84e6885e9e6a818d1ca1eabb9b720b357ab07a8b (diff)
download	linux-dd0859dccbe291cf8179a96390f5c0e45cb9af1d.tar.xz

security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

Subsequent patches will add RO hardening to LSM hooks, however, SELinux still needs to be able to perform runtime disablement after init to handle architectures where init-time disablement via boot parameters is not feasible. Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS, and a helper macro __lsm_ro_after_init, to handle this case. Signed-off-by: James Morris <james.l.morris@oracle.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Kees Cook <keescook@chromium.org>

Diffstat (limited to 'security/yama/yama_lsm.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: