summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2012-09-04 13:32:13 -0700
committerJames Morris <james.l.morris@oracle.com>2012-09-05 14:12:31 -0700
commitc6993e4ac002c92bc75379212e9179c36d4bf7ee (patch)
treecdb4c800ea3cf4003b07087166cc767dab79032f /include
parent81198078d7da4240f3cbfc2c6a8ea6cd417f51a7 (diff)
downloadlwn-c6993e4ac002c92bc75379212e9179c36d4bf7ee.tar.gz
lwn-c6993e4ac002c92bc75379212e9179c36d4bf7ee.zip
security: allow Yama to be unconditionally stacked
Unconditionally call Yama when CONFIG_SECURITY_YAMA_STACKED is selected, no matter what LSM module is primary. Ubuntu and Chrome OS already carry patches to do this, and Fedora has voiced interest in doing this as well. Instead of having multiple distributions (or LSM authors) carrying these patches, just allow Yama to be called unconditionally when selected by the new CONFIG. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h31
1 files changed, 31 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 3dea6a9d568f..01ef030b9409 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -3021,5 +3021,36 @@ static inline void free_secdata(void *secdata)
{ }
#endif /* CONFIG_SECURITY */
+#ifdef CONFIG_SECURITY_YAMA
+extern int yama_ptrace_access_check(struct task_struct *child,
+ unsigned int mode);
+extern int yama_ptrace_traceme(struct task_struct *parent);
+extern void yama_task_free(struct task_struct *task);
+extern int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5);
+#else
+static inline int yama_ptrace_access_check(struct task_struct *child,
+ unsigned int mode)
+{
+ return 0;
+}
+
+static inline int yama_ptrace_traceme(struct task_struct *parent)
+{
+ return 0;
+}
+
+static inline void yama_task_free(struct task_struct *task)
+{
+}
+
+static inline int yama_task_prctl(int option, unsigned long arg2,
+ unsigned long arg3, unsigned long arg4,
+ unsigned long arg5)
+{
+ return -ENOSYS;
+}
+#endif /* CONFIG_SECURITY_YAMA */
+
#endif /* ! __LINUX_SECURITY_H */