selinux: remove the runtime disable functionality
After working with the larger SELinux-based distros for several years, we're finally at a place where we can disable the SELinux runtime disable functionality. The existing kernel deprecation notice explains the functionality and why we want to remove it: The selinuxfs "disable" node allows SELinux to be disabled at runtime prior to a policy being loaded into the kernel. If disabled via this mechanism, SELinux will remain disabled until the system is rebooted. The preferred method of disabling SELinux is via the "selinux=0" boot parameter, but the selinuxfs "disable" node was created to make it easier for systems with primitive bootloaders that did not allow for easy modification of the kernel command line. Unfortunately, allowing for SELinux to be disabled at runtime makes it difficult to secure the kernel's LSM hooks using the "__ro_after_init" feature. It is that last sentence, mentioning the '__ro_after_init' hardening, which is the real motivation for this change, and if you look at the diffstat you'll see that the impact of this patch reaches across all the different LSMs, helping prevent tampering at the LSM hook level. From a SELinux perspective, it is important to note that if you continue to disable SELinux via "/etc/selinux/config" it may appear that SELinux is disabled, but it is simply in an uninitialized state. If you load a policy with `load_policy -i`, you will see SELinux come alive just as if you had loaded the policy during early-boot. It is also worth noting that the "/sys/fs/selinux/disable" file is always writable now, regardless of the Kconfig settings, but writing to the file has no effect on the system, other than to display an error on the console if a non-zero/true value is written. Finally, in the several years where we have been working on deprecating this functionality, there has only been one instance of someone mentioning any user visible breakage. In this particular case it was an individual's kernel test system, and the workaround documented in the deprecation notice ("selinux=0" on the kernel command line) resolved the issue without problem. Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
a7e4676e8e
commit
f22f9aaf6c
|
@ -4,6 +4,9 @@ KernelVersion: 2.6.12-rc2 (predates git)
|
|||
Contact: selinux@vger.kernel.org
|
||||
Description:
|
||||
|
||||
REMOVAL UPDATE: The SELinux runtime disable functionality was removed
|
||||
in March 2023, the original deprecation notice is shown below.
|
||||
|
||||
The selinuxfs "disable" node allows SELinux to be disabled at runtime
|
||||
prior to a policy being loaded into the kernel. If disabled via this
|
||||
mechanism, SELinux will remain disabled until the system is rebooted.
|
|
@ -1763,13 +1763,6 @@ static inline void security_delete_hooks(struct security_hook_list *hooks,
|
|||
}
|
||||
#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
|
||||
|
||||
/* Currently required to handle SELinux runtime hook disable. */
|
||||
#ifdef CONFIG_SECURITY_WRITABLE_HOOKS
|
||||
#define __lsm_ro_after_init
|
||||
#else
|
||||
#define __lsm_ro_after_init __ro_after_init
|
||||
#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
|
||||
|
||||
extern int lsm_inode_alloc(struct inode *inode);
|
||||
|
||||
#endif /* ! __LINUX_LSM_HOOKS_H */
|
||||
|
|
|
@ -32,11 +32,6 @@ config SECURITY
|
|||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITY_WRITABLE_HOOKS
|
||||
depends on SECURITY
|
||||
bool
|
||||
default n
|
||||
|
||||
config SECURITYFS
|
||||
bool "Enable the securityfs filesystem"
|
||||
help
|
||||
|
|
|
@ -1209,13 +1209,13 @@ static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb
|
|||
/*
|
||||
* The cred blob is a pointer to, not an instance of, an aa_label.
|
||||
*/
|
||||
struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = {
|
||||
struct lsm_blob_sizes apparmor_blob_sizes __ro_after_init = {
|
||||
.lbs_cred = sizeof(struct aa_label *),
|
||||
.lbs_file = sizeof(struct aa_file_ctx),
|
||||
.lbs_task = sizeof(struct aa_task_ctx),
|
||||
};
|
||||
|
||||
static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list apparmor_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
|
||||
LSM_HOOK_INIT(capget, apparmor_capget),
|
||||
|
@ -1427,7 +1427,7 @@ static const struct kernel_param_ops param_ops_aaintbool = {
|
|||
.get = param_get_aaintbool
|
||||
};
|
||||
/* Boot time disable flag */
|
||||
static int apparmor_enabled __lsm_ro_after_init = 1;
|
||||
static int apparmor_enabled __ro_after_init = 1;
|
||||
module_param_named(enabled, apparmor_enabled, aaintbool, 0444);
|
||||
|
||||
static int __init apparmor_enabled_setup(char *str)
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
#include <linux/lsm_hooks.h>
|
||||
#include <linux/bpf_lsm.h>
|
||||
|
||||
static struct security_hook_list bpf_lsm_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = {
|
||||
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
|
||||
LSM_HOOK_INIT(NAME, bpf_lsm_##NAME),
|
||||
#include <linux/lsm_hook_defs.h>
|
||||
|
@ -22,7 +22,7 @@ static int __init bpf_lsm_init(void)
|
|||
return 0;
|
||||
}
|
||||
|
||||
struct lsm_blob_sizes bpf_lsm_blob_sizes __lsm_ro_after_init = {
|
||||
struct lsm_blob_sizes bpf_lsm_blob_sizes __ro_after_init = {
|
||||
.lbs_inode = sizeof(struct bpf_storage_blob),
|
||||
.lbs_task = sizeof(struct bpf_storage_blob),
|
||||
};
|
||||
|
|
|
@ -1440,7 +1440,7 @@ int cap_mmap_file(struct file *file, unsigned long reqprot,
|
|||
|
||||
#ifdef CONFIG_SECURITY
|
||||
|
||||
static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list capability_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(capable, cap_capable),
|
||||
LSM_HOOK_INIT(settime, cap_settime),
|
||||
LSM_HOOK_INIT(ptrace_access_check, cap_ptrace_access_check),
|
||||
|
|
|
@ -34,7 +34,7 @@ static void hook_cred_free(struct cred *const cred)
|
|||
landlock_put_ruleset_deferred(dom);
|
||||
}
|
||||
|
||||
static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list landlock_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(cred_prepare, hook_cred_prepare),
|
||||
LSM_HOOK_INIT(cred_free, hook_cred_free),
|
||||
};
|
||||
|
|
|
@ -1280,7 +1280,7 @@ static int hook_file_truncate(struct file *const file)
|
|||
return -EACCES;
|
||||
}
|
||||
|
||||
static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list landlock_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(inode_free_security, hook_inode_free_security),
|
||||
|
||||
LSM_HOOK_INIT(sb_delete, hook_sb_delete),
|
||||
|
|
|
@ -108,7 +108,7 @@ static int hook_ptrace_traceme(struct task_struct *const parent)
|
|||
return task_ptrace(parent, current);
|
||||
}
|
||||
|
||||
static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list landlock_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, hook_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, hook_ptrace_traceme),
|
||||
};
|
||||
|
|
|
@ -15,9 +15,9 @@
|
|||
#include "ptrace.h"
|
||||
#include "setup.h"
|
||||
|
||||
bool landlock_initialized __lsm_ro_after_init = false;
|
||||
bool landlock_initialized __ro_after_init = false;
|
||||
|
||||
struct lsm_blob_sizes landlock_blob_sizes __lsm_ro_after_init = {
|
||||
struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = {
|
||||
.lbs_cred = sizeof(struct landlock_cred_security),
|
||||
.lbs_file = sizeof(struct landlock_file_security),
|
||||
.lbs_inode = sizeof(struct landlock_inode_security),
|
||||
|
|
|
@ -214,7 +214,7 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents)
|
|||
return loadpin_check(NULL, (enum kernel_read_file_id) id);
|
||||
}
|
||||
|
||||
static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list loadpin_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security),
|
||||
LSM_HOOK_INIT(kernel_read_file, loadpin_read_file),
|
||||
LSM_HOOK_INIT(kernel_load_data, loadpin_load_data),
|
||||
|
|
|
@ -71,7 +71,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list lockdown_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(locked_down, lockdown_is_locked_down),
|
||||
};
|
||||
|
||||
|
|
|
@ -74,14 +74,14 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
|
|||
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
|
||||
};
|
||||
|
||||
struct security_hook_heads security_hook_heads __lsm_ro_after_init;
|
||||
struct security_hook_heads security_hook_heads __ro_after_init;
|
||||
static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
|
||||
|
||||
static struct kmem_cache *lsm_file_cache;
|
||||
static struct kmem_cache *lsm_inode_cache;
|
||||
|
||||
char *lsm_names;
|
||||
static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init;
|
||||
static struct lsm_blob_sizes blob_sizes __ro_after_init;
|
||||
|
||||
/* Boot-time LSM user choice */
|
||||
static __initdata const char *chosen_lsm_order;
|
||||
|
|
|
@ -23,30 +23,6 @@ config SECURITY_SELINUX_BOOTPARAM
|
|||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITY_SELINUX_DISABLE
|
||||
bool "NSA SELinux runtime disable"
|
||||
depends on SECURITY_SELINUX
|
||||
select SECURITY_WRITABLE_HOOKS
|
||||
default n
|
||||
help
|
||||
This option enables writing to a selinuxfs node 'disable', which
|
||||
allows SELinux to be disabled at runtime prior to the policy load.
|
||||
SELinux will then remain disabled until the next boot.
|
||||
This option is similar to the selinux=0 boot parameter, but is to
|
||||
support runtime disabling of SELinux, e.g. from /sbin/init, for
|
||||
portability across platforms where boot parameters are difficult
|
||||
to employ.
|
||||
|
||||
NOTE: selecting this option will disable the '__ro_after_init'
|
||||
kernel hardening feature for security hooks. Please consider
|
||||
using the selinux=0 boot parameter instead of enabling this
|
||||
option.
|
||||
|
||||
WARNING: this option is deprecated and will be removed in a future
|
||||
kernel release.
|
||||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITY_SELINUX_DEVELOP
|
||||
bool "NSA SELinux Development Support"
|
||||
depends on SECURITY_SELINUX
|
||||
|
|
|
@ -6769,7 +6769,7 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
|
|||
}
|
||||
#endif
|
||||
|
||||
struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
|
||||
struct lsm_blob_sizes selinux_blob_sizes __ro_after_init = {
|
||||
.lbs_cred = sizeof(struct task_security_struct),
|
||||
.lbs_file = sizeof(struct file_security_struct),
|
||||
.lbs_inode = sizeof(struct inode_security_struct),
|
||||
|
@ -6905,7 +6905,7 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd)
|
|||
* safely. Breaking the ordering rules above might lead to NULL pointer derefs
|
||||
* when disabling SELinux at runtime.
|
||||
*/
|
||||
static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list selinux_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
|
||||
LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
|
||||
LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
|
||||
|
@ -7253,7 +7253,6 @@ DEFINE_LSM(selinux) = {
|
|||
};
|
||||
|
||||
#if defined(CONFIG_NETFILTER)
|
||||
|
||||
static const struct nf_hook_ops selinux_nf_ops[] = {
|
||||
{
|
||||
.hook = selinux_ip_postroute,
|
||||
|
@ -7328,56 +7327,4 @@ static int __init selinux_nf_ip_init(void)
|
|||
return 0;
|
||||
}
|
||||
__initcall(selinux_nf_ip_init);
|
||||
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||
static void selinux_nf_ip_exit(void)
|
||||
{
|
||||
pr_debug("SELinux: Unregistering netfilter hooks\n");
|
||||
|
||||
unregister_pernet_subsys(&selinux_net_ops);
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* CONFIG_NETFILTER */
|
||||
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||
#define selinux_nf_ip_exit()
|
||||
#endif
|
||||
|
||||
#endif /* CONFIG_NETFILTER */
|
||||
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||
int selinux_disable(void)
|
||||
{
|
||||
if (selinux_initialized()) {
|
||||
/* Not permitted after initial policy load. */
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (selinux_disabled()) {
|
||||
/* Only do this once. */
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
selinux_mark_disabled();
|
||||
|
||||
pr_info("SELinux: Disabled at runtime.\n");
|
||||
|
||||
/*
|
||||
* Unregister netfilter hooks.
|
||||
* Must be done before security_delete_hooks() to avoid breaking
|
||||
* runtime disable.
|
||||
*/
|
||||
selinux_nf_ip_exit();
|
||||
|
||||
security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
|
||||
|
||||
/* Try to destroy the avc node cache */
|
||||
avc_disable();
|
||||
|
||||
/* Unregister selinuxfs. */
|
||||
exit_sel_fs();
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -89,9 +89,6 @@ extern int selinux_enabled_boot;
|
|||
struct selinux_policy;
|
||||
|
||||
struct selinux_state {
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||
bool disabled;
|
||||
#endif
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
|
||||
bool enforcing;
|
||||
#endif
|
||||
|
@ -148,23 +145,6 @@ static inline bool checkreqprot_get(void)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||
static inline bool selinux_disabled(void)
|
||||
{
|
||||
return READ_ONCE(selinux_state.disabled);
|
||||
}
|
||||
|
||||
static inline void selinux_mark_disabled(void)
|
||||
{
|
||||
WRITE_ONCE(selinux_state.disabled, true);
|
||||
}
|
||||
#else
|
||||
static inline bool selinux_disabled(void)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
static inline bool selinux_policycap_netpeer(void)
|
||||
{
|
||||
struct selinux_state *state = &selinux_state;
|
||||
|
@ -404,7 +384,6 @@ struct selinux_kernel_status {
|
|||
extern void selinux_status_update_setenforce(int enforcing);
|
||||
extern void selinux_status_update_policyload(int seqno);
|
||||
extern void selinux_complete_init(void);
|
||||
extern int selinux_disable(void);
|
||||
extern void exit_sel_fs(void);
|
||||
extern struct path selinux_null;
|
||||
extern void selnl_notify_setenforce(int val);
|
||||
|
|
|
@ -267,7 +267,6 @@ static const struct file_operations sel_handle_status_ops = {
|
|||
.llseek = generic_file_llseek,
|
||||
};
|
||||
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||
static ssize_t sel_write_disable(struct file *file, const char __user *buf,
|
||||
size_t count, loff_t *ppos)
|
||||
|
||||
|
@ -275,16 +274,6 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
|
|||
char *page;
|
||||
ssize_t length;
|
||||
int new_value;
|
||||
int enforcing;
|
||||
|
||||
/* NOTE: we are now officially considering runtime disable as
|
||||
* deprecated, and using it will become increasingly painful
|
||||
* (e.g. sleeping/blocking) as we progress through future
|
||||
* kernel releases until eventually it is removed
|
||||
*/
|
||||
pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
|
||||
pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
|
||||
ssleep(15);
|
||||
|
||||
if (count >= PAGE_SIZE)
|
||||
return -ENOMEM;
|
||||
|
@ -297,31 +286,21 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
|
|||
if (IS_ERR(page))
|
||||
return PTR_ERR(page);
|
||||
|
||||
length = -EINVAL;
|
||||
if (sscanf(page, "%d", &new_value) != 1)
|
||||
if (sscanf(page, "%d", &new_value) != 1) {
|
||||
length = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
length = count;
|
||||
|
||||
if (new_value) {
|
||||
enforcing = enforcing_enabled();
|
||||
length = selinux_disable();
|
||||
if (length)
|
||||
goto out;
|
||||
audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
|
||||
"enforcing=%d old_enforcing=%d auid=%u ses=%u"
|
||||
" enabled=0 old-enabled=1 lsm=selinux res=1",
|
||||
enforcing, enforcing,
|
||||
from_kuid(&init_user_ns, audit_get_loginuid(current)),
|
||||
audit_get_sessionid(current));
|
||||
pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
|
||||
pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n");
|
||||
}
|
||||
|
||||
length = count;
|
||||
out:
|
||||
kfree(page);
|
||||
return length;
|
||||
}
|
||||
#else
|
||||
#define sel_write_disable NULL
|
||||
#endif
|
||||
|
||||
static const struct file_operations sel_disable_ops = {
|
||||
.write = sel_write_disable,
|
||||
|
@ -2194,13 +2173,3 @@ static int __init init_sel_fs(void)
|
|||
}
|
||||
|
||||
__initcall(init_sel_fs);
|
||||
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||
void exit_sel_fs(void)
|
||||
{
|
||||
sysfs_remove_mount_point(fs_kobj, "selinux");
|
||||
dput(selinux_null.dentry);
|
||||
kern_unmount(selinuxfs_mount);
|
||||
unregister_filesystem(&sel_fs_type);
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -4847,7 +4847,7 @@ static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
|
|||
|
||||
#endif /* CONFIG_IO_URING */
|
||||
|
||||
struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
|
||||
struct lsm_blob_sizes smack_blob_sizes __ro_after_init = {
|
||||
.lbs_cred = sizeof(struct task_smack),
|
||||
.lbs_file = sizeof(struct smack_known *),
|
||||
.lbs_inode = sizeof(struct inode_smack),
|
||||
|
@ -4856,7 +4856,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = {
|
|||
.lbs_superblock = sizeof(struct superblock_smack),
|
||||
};
|
||||
|
||||
static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list smack_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
|
||||
LSM_HOOK_INIT(syslog, smack_syslog),
|
||||
|
|
|
@ -499,7 +499,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
|
|||
return tomoyo_socket_sendmsg_permission(sock, msg, size);
|
||||
}
|
||||
|
||||
struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = {
|
||||
struct lsm_blob_sizes tomoyo_blob_sizes __ro_after_init = {
|
||||
.lbs_task = sizeof(struct tomoyo_task),
|
||||
};
|
||||
|
||||
|
@ -546,7 +546,7 @@ static void tomoyo_task_free(struct task_struct *task)
|
|||
* tomoyo_security_ops is a "struct security_operations" which is used for
|
||||
* registering TOMOYO.
|
||||
*/
|
||||
static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list tomoyo_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
|
||||
LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds),
|
||||
LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc),
|
||||
|
@ -583,7 +583,7 @@ static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
|
|||
/* Lock for GC. */
|
||||
DEFINE_SRCU(tomoyo_ss);
|
||||
|
||||
int tomoyo_enabled __lsm_ro_after_init = 1;
|
||||
int tomoyo_enabled __ro_after_init = 1;
|
||||
|
||||
/**
|
||||
* tomoyo_init - Register TOMOYO Linux as a LSM module.
|
||||
|
|
|
@ -421,7 +421,7 @@ static int yama_ptrace_traceme(struct task_struct *parent)
|
|||
return rc;
|
||||
}
|
||||
|
||||
static struct security_hook_list yama_hooks[] __lsm_ro_after_init = {
|
||||
static struct security_hook_list yama_hooks[] __ro_after_init = {
|
||||
LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check),
|
||||
LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme),
|
||||
LSM_HOOK_INIT(task_prctl, yama_task_prctl),
|
||||
|
|
Loading…
Reference in New Issue