
securityfs: do not depend on CONFIG_SECURITY

Add a new Kconfig option SECURITYFS which will build securityfs support
but does not require CONFIG_SECURITY. The only current user of
securityfs does not depend on CONFIG_SECURITY and there is no reason the
full LSM needs to be built to build this fs.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

authored by

Eric Paris and committed by
James Morris
da31894e 86d68898

+41 -25
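--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -6,6 +6,7 @@
 tristate "TPM Hardware Support"
 depends on HAS_IOMEM
 depends on EXPERIMENTAL
+select SECURITYFS
 ---help---
 If you have a TPM security chip in your system, which
 implements the Trusted Computing Group's specification,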
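--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1560,11 +1560,6 @@
 extern int security_init(void);
 extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
-extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
-struct dentry *parent, void *data,
-const struct file_operations *fops);
-extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
-extern void securityfs_remove(struct dentry *dentry);
 
 /* Security operations */
 int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
@@
 return cap_netlink_recv(skb, cap);
 }
 
-static inline struct dentry *securityfs_create_dir(const char *name,
-struct dentry *parent)
-{
-return ERR_PTR(-ENODEV);
-}
-
-static inline struct dentry *securityfs_create_file(const char *name,
-mode_t mode,
-struct dentry *parent,
-void *data,
-const struct file_operations *fops)
-{
-return ERR_PTR(-ENODEV);
-}
-
-static inline void securityfs_remove(struct dentry *dentry)
-{
-}
-
 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
 return -EOPNOTSUPP;
@@
 
 #endif /* CONFIG_SECURITY */
 #endif /* CONFIG_AUDIT */
+
+#ifdef CONFIG_SECURITYFS
+
+extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
+struct dentry *parent, void *data,
+const struct file_operations *fops);
+extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
+extern void securityfs_remove(struct dentry *dentry);
+
+#else /* CONFIG_SECURITYFS */
+
+static inline struct dentry *securityfs_create_dir(const char *name,
+struct dentry *parent)
+{
+return ERR_PTR(-ENODEV);
+}
+
+static inline struct dentry *securityfs_create_file(const char *name,
+mode_t mode,
+struct dentry *parent,
+void *data,
+const struct file_operations *fops)
+{
+return ERR_PTR(-ENODEV);
+}
+
+static inline void securityfs_remove(struct dentry *dentry)
+{}
+
+#endif
 
 #endif /* ! __LINUX_SECURITY_H */
 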
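Review bot: The `#else` stubs added at the end of the header return `ERR_PTR(-ENODEV)`, so a caller built with CONFIG_SECURITYFS off must test the result with `IS_ERR()`; a NULL check would accept the error pointer as a valid dentry and could dereference it later. Nothing in the new block states this, so I would add above the stubs `/* securityfs not built: creation fails with ERR_PTR(-ENODEV); test with IS_ERR(), never against NULL */`. The closing `#endif` of the new block is also untagged while its neighbours carry a tag; `#endif /* CONFIG_SECURITYFS */` would match the file's style.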
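--- a/security/Kconfig
+++ b/security/Kconfig
@@ -51,6 +51,14 @@
 
 If you are unsure how to answer this question, answer N.
 
+config SECURITYFS
+bool "Enable the securityfs filesystem"
+help
+This will build the securityfs filesystem. It is currently used by
+the TPM bios character driver. It is not used by SELinux or SMACK.
+
+If you are unsure how to answer this question, answer N.
+
 config SECURITY_NETWORK
 bool "Socket and Networking Security Hooks"
 depends on SECURITY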
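--- a/security/Makefile
+++ b/security/Makefile
@@ -10,7 +10,8 @@
 obj-y += commoncap.o
 
 # Object file lists
-obj-$(CONFIG_SECURITY) += security.o capability.o inode.o
+obj-$(CONFIG_SECURITY) += security.o capability.o
+obj-$(CONFIG_SECURITYFS) += inode.o
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
 obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o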
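Review bot: With `inode.o` moved to `obj-$(CONFIG_SECURITYFS)`, a kernel built with CONFIG_SECURITY=y but without SECURITYFS no longer contains securityfs at all, and the header stubs turn every `securityfs_create_*` call into a silent `ERR_PTR(-ENODEV)`. The description says the TPM driver is the only current user, but any security module that assumed CONFIG_SECURITY implies securityfs would lose its policy or measurement files without a build error. A comment on the new line would make the contract visible, for example `# securityfs is no longer implied by CONFIG_SECURITY; users must select SECURITYFS`. It is also worth confirming that inode.c links without security.o and capability.o, which this section does not show.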