[patch 2/15] lsm stacking v0.3: add module * to security_ops


 



Add the owning module to the security_operations struct.  This will allow
stacker to module_get the LSM to prevent its premature unloading.

Signed-off-by: Serge Hallyn <[email protected]>
--
 include/linux/security.h |    7 +++++++
 security/capability.c    |    1 +
 security/root_plug.c     |    2 ++
 security/seclvl.c        |    1 +
 security/selinux/hooks.c |    2 ++
 5 files changed, 13 insertions(+)

Index: linux-2.6.13-rc3/include/linux/security.h
===================================================================
--- linux-2.6.13-rc3.orig/include/linux/security.h	2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/include/linux/security.h	2005-07-18 15:51:36.000000000 -0500
@@ -32,6 +32,7 @@
 #include <linux/sched.h>
 
 struct ctl_table;
+struct module;
 
 /*
  * These functions are in security/capability.c and are used
@@ -94,6 +95,10 @@ struct swap_info_struct;
  *
  * Security hooks for program execution operations.
  *
+ *
+ * @owner:
+ *	Module owning this security_operations.  NULL if not a module.
+ *
  * @bprm_alloc_security:
  *	Allocate and attach a security structure to the @bprm->security field.
  *	The security field is initialized to NULL when the bprm structure is
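Review bot: The `@owner` entry is added below the "Security hooks for program execution operations." heading, so the comment reads as if `owner` were one of the bprm hooks. The extra bare ` *` line also leaves two blank comment lines in a row. It would read better above that heading, and it should state what the field is for, e.g. `Module owning this security_operations, or NULL if built in. Anything that keeps a pointer to these ops must hold a reference on @owner while the hooks can be called.` The comment block starts and ends outside the hunk.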
@@ -1027,6 +1032,8 @@ struct swap_info_struct;
  * This is the main security structure.
  */
 struct security_operations {
+	struct module *owner;
+
 	int (*ptrace) (struct task_struct * parent, struct task_struct * child);
 	int (*capget) (struct task_struct * target,
 		       kernel_cap_t * effective,
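Review bot: The new `owner` field does not by itself keep an LSM loaded, because nothing in this patch takes a reference on it. The protection depends on the consumer (stacker, per the description) calling `try_module_get(ops->owner)` before the hooks become reachable, checking the result, and calling `module_put()` only once they are unreachable again. `THIS_MODULE` is NULL for built-in code, so a modular ops table that omits `.owner` (any table this patch does not touch, or an out-of-tree LSM) looks the same as a built-in one and could still be unloaded while its function pointers are in use. A comment on the field would make the requirement visible to LSM authors, e.g. `/* set to THIS_MODULE; NULL only when built in */`. The struct body continues outside the hunk.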
Index: linux-2.6.13-rc3/security/capability.c
===================================================================
--- linux-2.6.13-rc3.orig/security/capability.c	2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/capability.c	2005-07-18 15:51:36.000000000 -0500
@@ -25,6 +25,7 @@
 #include <linux/moduleparam.h>
 
 static struct security_operations capability_ops = {
+	.owner =			THIS_MODULE,
 	.ptrace =			cap_ptrace,
 	.capget =			cap_capget,
 	.capset_check =			cap_capset_check,
Index: linux-2.6.13-rc3/security/root_plug.c
===================================================================
--- linux-2.6.13-rc3.orig/security/root_plug.c	2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/root_plug.c	2005-07-18 15:51:36.000000000 -0500
@@ -83,6 +83,8 @@ static int rootplug_bprm_check_security 
 }
 
 static struct security_operations rootplug_security_ops = {
+	.owner =			THIS_MODULE,
+
 	/* Use the capability functions for some of the hooks */
 	.ptrace =			cap_ptrace,
 	.capget =			cap_capget,
Index: linux-2.6.13-rc3/security/seclvl.c
===================================================================
--- linux-2.6.13-rc3.orig/security/seclvl.c	2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/seclvl.c	2005-07-18 15:51:36.000000000 -0500
@@ -591,6 +591,7 @@ static int seclvl_umount(struct vfsmount
 }
 
 static struct security_operations seclvl_ops = {
+	.owner = THIS_MODULE,
 	.ptrace = seclvl_ptrace,
 	.capable = seclvl_capable,
 	.inode_permission = seclvl_inode_permission,
Index: linux-2.6.13-rc3/security/selinux/hooks.c
===================================================================
--- linux-2.6.13-rc3.orig/security/selinux/hooks.c	2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/selinux/hooks.c	2005-07-18 15:51:36.000000000 -0500
@@ -4265,6 +4265,8 @@ static int selinux_setprocattr(struct ta
 }
 
 static struct security_operations selinux_ops = {
+	.owner =			THIS_MODULE,
+
 	.ptrace =			selinux_ptrace,
 	.capget =			selinux_capget,
 	.capset_check =			selinux_capset_check,