Commit 3518172a authored by James Morris's avatar James Morris

[LSM]: networking hooks, kconfig bits.

parent 67f0857a
......@@ -63,16 +63,14 @@ extern void cap_task_reparent_to_init (struct task_struct *p);
/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS 8
#ifdef CONFIG_SECURITY
/* forward declares to avoid warnings */
struct sk_buff;
struct net_device;
struct nfsctl_arg;
struct sched_param;
struct swap_info_struct;
#ifdef CONFIG_SECURITY
/**
* struct security_operations - main security structure
*
......@@ -952,6 +950,9 @@ struct security_operations {
struct security_operations *ops);
int (*unregister_security) (const char *name,
struct security_operations *ops);
#ifdef CONFIG_SECURITY_NETWORK
#endif /* CONFIG_SECURITY_NETWORK */
};
/* global variables */
......@@ -2106,5 +2107,9 @@ static inline int security_sem_semop (struct sem_array * sma,
#endif /* CONFIG_SECURITY */
#ifdef CONFIG_SECURITY_NETWORK
#else /* CONFIG_SECURITY_NETWORK */
#endif /* CONFIG_SECURITY_NETWORK */
#endif /* ! __LINUX_SECURITY_H */
......@@ -15,6 +15,15 @@ config SECURITY
If you are unsure how to answer this question, answer N.
config SECURITY_NETWORK
bool "Socket and Networking Security Hooks"
depends on SECURITY
help
This enables the socket and networking security hooks.
If enabled, a security module can use these hooks to
implement socket and networking access controls.
If you are unsure how to answer this question, answer N.
config SECURITY_CAPABILITIES
tristate "Default Linux Capabilities"
depends on SECURITY!=n
......
......@@ -597,6 +597,9 @@ static int dummy_sem_semop (struct sem_array *sma,
return 0;
}
#ifdef CONFIG_SECURITY_NETWORK
#endif /* CONFIG_SECURITY_NETWORK */
static int dummy_register_security (const char *name, struct security_operations *ops)
{
return -EINVAL;
......@@ -725,5 +728,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, sem_semop);
set_to_dummy_if_null(ops, register_security);
set_to_dummy_if_null(ops, unregister_security);
#ifdef CONFIG_SECURITY_NETWORK
#endif /* CONFIG_SECURITY_NETWORK */
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment