Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'fixes-v5.1-a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer fixes from James Morris:
"Yama and LSM config fixes"

* 'fixes-v5.1-a' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
Yama: mark local symbols as static

+42 -4
+38
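--- a/security/Kconfig
+++ b/security/Kconfig
@@ -239,8 +239,46 @@
 
 source "security/integrity/Kconfig"
 
+choice
+prompt "First legacy 'major LSM' to be initialized"
+default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
+default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
+default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
+default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
+default DEFAULT_SECURITY_DAC
+
+help
+This choice is there only for converting CONFIG_DEFAULT_SECURITY
+in old kernel configs to CONFIG_LSM in new kernel configs. Don't
+change this choice unless you are creating a fresh kernel config,
+for this choice will be ignored after CONFIG_LSM has been set.
+
+Selects the legacy "major security module" that will be
+initialized first. Overridden by non-default CONFIG_LSM.
+
+config DEFAULT_SECURITY_SELINUX
+bool "SELinux" if SECURITY_SELINUX=y
+
+config DEFAULT_SECURITY_SMACK
+bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
+
+config DEFAULT_SECURITY_TOMOYO
+bool "TOMOYO" if SECURITY_TOMOYO=y
+
+config DEFAULT_SECURITY_APPARMOR
+bool "AppArmor" if SECURITY_APPARMOR=y
+
+config DEFAULT_SECURITY_DAC
+bool "Unix Discretionary Access Controls"
+
+endchoice
+
 config LSM
 string "Ordered list of enabled LSMs"
+default "yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor" if DEFAULT_SECURITY_SMACK
+default "yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if DEFAULT_SECURITY_APPARMOR
+default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO
+default "yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC
 default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
 help
 A comma-separated list of LSMs, in initialization order.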
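Review bot: The choice's help text (new lines 250-257) describes the selection only as which major LSM is "initialized first", but the new CONFIG_LSM defaults also change which modules are listed at all. The TOMOYO default ends in `integrity,tomoyo` and the DAC default in `integrity`, so SELinux, Smack and AppArmor are absent from the "Ordered list of enabled LSMs" even when they are built in. I would add a help sentence such as `The TOMOYO and DAC choices leave the other major LSMs out of the default CONFIG_LSM list; check the resulting CONFIG_LSM after "make oldconfig".` Separately, there is no `default ... if DEFAULT_SECURITY_SELINUX` line, so that case relies on the unconditional default at new line 282; a one-line `#` comment there saying so would keep a later reorder of the defaults from silently changing it. The `config LSM` help text continues outside the hunk.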
+4 -4
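--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -206,7 +206,7 @@
 * yama_task_free - check for task_pid to remove from exception list
 * @task: task being removed
 */
-void yama_task_free(struct task_struct *task)
+static void yama_task_free(struct task_struct *task)
 {
 yama_ptracer_del(task, task);
 }
@@ -222,7 +222,7 @@
 * Return 0 on success, -ve on error. -ENOSYS is returned when Yama
 * does not handle the given option.
 */
-int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
+static int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 unsigned long arg4, unsigned long arg5)
 {
 int rc = -ENOSYS;
@@ -401,7 +401,7 @@
 *
 * Returns 0 if following the ptrace is allowed, -ve on error.
 */
-int yama_ptrace_traceme(struct task_struct *parent)
+static int yama_ptrace_traceme(struct task_struct *parent)
 {
 int rc = 0;
 
@@ -452,7 +452,7 @@
 static int zero;
 static int max_scope = YAMA_SCOPE_NO_ATTACH;
 
-struct ctl_path yama_sysctl_path[] = {
+static struct ctl_path yama_sysctl_path[] = {
 { .procname = "kernel", },
 { .procname = "yama", },
 { }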
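Review bot: In the last hunk, `yama_sysctl_path[]` becomes file-local but stays writable, although the visible initialiser is a fixed table of two procnames. If its only consumer accepts a const pointer (the registration call is outside the hunk, so this needs confirming), I would declare it `static const struct ctl_path yama_sysctl_path[] = {` so the table lands in read-only data. The array definition and the three function bodies continue outside their hunks, so nothing beyond the changed signatures can be judged from here.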