aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa2010-08-28 14:58:44 +0900
committerJames Morris2010-10-21 10:12:34 +1100
commit065d78a0603cc6f8d288e96dbf761b96984b634f (patch)
treeb95d865a91a6895d54b7b6486ebeb3b40bf2648e /security
parentdaa6d83a2863c28197b0c7dabfdf1e0606760b78 (diff)
LSM: Fix security_module_enable() error.
We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/security.c12
1 files changed, 2 insertions, 10 deletions
diff --git a/security/security.c b/security/security.c
index c53949f17d9e..43b6463ebbfb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -89,20 +89,12 @@ __setup("security=", choose_lsm);
* Return true if:
* -The passed LSM is the one chosen by user at boot time,
* -or the passed LSM is configured as the default and the user did not
- * choose an alternate LSM at boot time,
- * -or there is no default LSM set and the user didn't specify a
- * specific LSM and we're the first to ask for registration permission,
- * -or the passed LSM is currently loaded.
+ * choose an alternate LSM at boot time.
* Otherwise, return false.
*/
int __init security_module_enable(struct security_operations *ops)
{
- if (!*chosen_lsm)
- strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX);
- else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX))
- return 0;
-
- return 1;
+ return !strcmp(ops->name, chosen_lsm);
}
/**