[patch 2/15] lsm stacking v0.3: add module * to security_ops

From: serue
Date: Wed Jul 27 2005 - 13:22:55 EST


Add the owning module to the security_operations struct. This will allow
stacker to module_get the LSM to prevent its premature unloading.

Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx>
--
include/linux/security.h | 7 +++++++
security/capability.c | 1 +
security/root_plug.c | 2 ++
security/seclvl.c | 1 +
security/selinux/hooks.c | 2 ++
5 files changed, 13 insertions(+)

Index: linux-2.6.13-rc3/include/linux/security.h
===================================================================
--- linux-2.6.13-rc3.orig/include/linux/security.h 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/include/linux/security.h 2005-07-18 15:51:36.000000000 -0500
@@ -32,6 +32,7 @@
#include <linux/sched.h>

struct ctl_table;
+struct module;

/*
* These functions are in security/capability.c and are used
@@ -94,6 +95,10 @@ struct swap_info_struct;
*
* Security hooks for program execution operations.
*
+ *
+ * @owner:
+ * Module owning this security_operations. NULL if not a module.
+ *
* @bprm_alloc_security:
* Allocate and attach a security structure to the @bprm->security field.
* The security field is initialized to NULL when the bprm structure is
@@ -1027,6 +1032,8 @@ struct swap_info_struct;
* This is the main security structure.
*/
struct security_operations {
+ struct module *owner;
+
int (*ptrace) (struct task_struct * parent, struct task_struct * child);
int (*capget) (struct task_struct * target,
kernel_cap_t * effective,
Index: linux-2.6.13-rc3/security/capability.c
===================================================================
--- linux-2.6.13-rc3.orig/security/capability.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/capability.c 2005-07-18 15:51:36.000000000 -0500
@@ -25,6 +25,7 @@
#include <linux/moduleparam.h>

static struct security_operations capability_ops = {
+ .owner = THIS_MODULE,
.ptrace = cap_ptrace,
.capget = cap_capget,
.capset_check = cap_capset_check,
Index: linux-2.6.13-rc3/security/root_plug.c
===================================================================
--- linux-2.6.13-rc3.orig/security/root_plug.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/root_plug.c 2005-07-18 15:51:36.000000000 -0500
@@ -83,6 +83,8 @@ static int rootplug_bprm_check_security
}

static struct security_operations rootplug_security_ops = {
+ .owner = THIS_MODULE,
+
/* Use the capability functions for some of the hooks */
.ptrace = cap_ptrace,
.capget = cap_capget,
Index: linux-2.6.13-rc3/security/seclvl.c
===================================================================
--- linux-2.6.13-rc3.orig/security/seclvl.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/seclvl.c 2005-07-18 15:51:36.000000000 -0500
@@ -591,6 +591,7 @@ static int seclvl_umount(struct vfsmount
}

static struct security_operations seclvl_ops = {
+ .owner = THIS_MODULE,
.ptrace = seclvl_ptrace,
.capable = seclvl_capable,
.inode_permission = seclvl_inode_permission,
Index: linux-2.6.13-rc3/security/selinux/hooks.c
===================================================================
--- linux-2.6.13-rc3.orig/security/selinux/hooks.c 2005-07-18 15:49:52.000000000 -0500
+++ linux-2.6.13-rc3/security/selinux/hooks.c 2005-07-18 15:51:36.000000000 -0500
@@ -4265,6 +4265,8 @@ static int selinux_setprocattr(struct ta
}

static struct security_operations selinux_ops = {
+ .owner = THIS_MODULE,
+
.ptrace = selinux_ptrace,
.capget = selinux_capget,
.capset_check = selinux_capset_check,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/