diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-08-28 14:58:44 +0900 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-10-21 10:12:34 +1100 |
| commit | 065d78a0603cc6f8d288e96dbf761b96984b634f (patch) | |
| tree | b95d865a91a6895d54b7b6486ebeb3b40bf2648e /security/security.c | |
| parent | daa6d83a2863c28197b0c7dabfdf1e0606760b78 (diff) | |
LSM: Fix security_module_enable() error.
We can set default LSM module to DAC (which means "enable no LSM module").
If default LSM module was set to DAC, security_module_enable() must return 0
unless overridden via boot time parameter.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/security/security.c b/security/security.c index c53949f17d9e..43b6463ebbfb 100644 --- a/security/security.c +++ b/security/security.c @@ -89,20 +89,12 @@ __setup("security=", choose_lsm); * Return true if: * -The passed LSM is the one chosen by user at boot time, * -or the passed LSM is configured as the default and the user did not - * choose an alternate LSM at boot time, - * -or there is no default LSM set and the user didn't specify a - * specific LSM and we're the first to ask for registration permission, - * -or the passed LSM is currently loaded. + * choose an alternate LSM at boot time. * Otherwise, return false. */ int __init security_module_enable(struct security_operations *ops) { - if (!*chosen_lsm) - strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX); - else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX)) - return 0; - - return 1; + return !strcmp(ops->name, chosen_lsm); } /** |