Add the owning module to the security_operations struct. This will allow
stacker to module_get the LSM to prevent its premature unloading.
Signed-off-by: Serge Hallyn <[email protected]>
--
include/linux/security.h | 7 +++++++
security/capability.c | 1 +
security/root_plug.c | 2 ++
security/seclvl.c | 1 +
security/selinux/hooks.c | 2 ++
5 files changed, 13 insertions(+)
Index: linux-2.6.13-rc3/include/linux/security.h
===================================================================
--- linux-2.6.13-rc3.orig/include/linux/security.h 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/include/linux/security.h 2005-07-18 15:51:36.000000000 -0500
@@ -32,6 +32,7 @@
#include <linux/sched.h>
struct ctl_table;
+struct module;
/*
* These functions are in security/capability.c and are used
@@ -94,6 +95,10 @@ struct swap_info_struct;
*
* Security hooks for program execution operations.
*
+ *
+ * @owner:
+ * Module owning this security_operations. NULL if not a module.
+ *
* @bprm_alloc_security:
* Allocate and attach a security structure to the @bprm->security field.
* The security field is initialized to NULL when the bprm structure is
@@ -1027,6 +1032,8 @@ struct swap_info_struct;
* This is the main security structure.
*/
struct security_operations {
+ struct module *owner;
+
int (*ptrace) (struct task_struct * parent, struct task_struct * child);
int (*capget) (struct task_struct * target,
kernel_cap_t * effective,
Index: linux-2.6.13-rc3/security/capability.c
===================================================================
--- linux-2.6.13-rc3.orig/security/capability.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/capability.c 2005-07-18 15:51:36.000000000 -0500
@@ -25,6 +25,7 @@
#include <linux/moduleparam.h>
static struct security_operations capability_ops = {
+ .owner = THIS_MODULE,
.ptrace = cap_ptrace,
.capget = cap_capget,
.capset_check = cap_capset_check,
Index: linux-2.6.13-rc3/security/root_plug.c
===================================================================
--- linux-2.6.13-rc3.orig/security/root_plug.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/root_plug.c 2005-07-18 15:51:36.000000000 -0500
@@ -83,6 +83,8 @@ static int rootplug_bprm_check_security
}
static struct security_operations rootplug_security_ops = {
+ .owner = THIS_MODULE,
+
/* Use the capability functions for some of the hooks */
.ptrace = cap_ptrace,
.capget = cap_capget,
Index: linux-2.6.13-rc3/security/seclvl.c
===================================================================
--- linux-2.6.13-rc3.orig/security/seclvl.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/seclvl.c 2005-07-18 15:51:36.000000000 -0500
@@ -591,6 +591,7 @@ static int seclvl_umount(struct vfsmount
}
static struct security_operations seclvl_ops = {
+ .owner = THIS_MODULE,
.ptrace = seclvl_ptrace,
.capable = seclvl_capable,
.inode_permission = seclvl_inode_permission,
Index: linux-2.6.13-rc3/security/selinux/hooks.c
===================================================================
--- linux-2.6.13-rc3.orig/security/selinux/hooks.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/selinux/hooks.c 2005-07-18 15:51:36.000000000 -0500
@@ -4265,6 +4265,8 @@ static int selinux_setprocattr(struct ta
}
static struct security_operations selinux_ops = {
+ .owner = THIS_MODULE,
+
.ptrace = selinux_ptrace,
.capget = selinux_capget,
.capset_check = selinux_capset_check,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |