mirror of https://gitee.com/openkylin/linux.git
20510f2f4e
Convert LSM into a static interface, as the ability to unload a security module is not required by in-tree users and potentially complicates the overall security architecture. Needlessly exported LSM symbols have been unexported, to help reduce API abuse. Parameters for the capability and root_plug modules are now specified at boot. The SECURITY_FRAMEWORK_VERSION macro has also been removed. In a nutshell, there is no safe way to unload an LSM. The modular interface is thus unecessary and broken infrastructure. It is used only by out-of-tree modules, which are often binary-only, illegal, abusive of the API and dangerous, e.g. silently re-vectoring SELinux. [akpm@linux-foundation.org: cleanups] [akpm@linux-foundation.org: USB Kconfig fix] [randy.dunlap@oracle.com: fix LSM kernel-doc] Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: "Serge E. Hallyn" <serue@us.ibm.com> Acked-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
---|---|---|
.. | ||
.gitignore | ||
Makefile | ||
deviceiobook.tmpl | ||
filesystems.tmpl | ||
gadget.tmpl | ||
genericirq.tmpl | ||
kernel-api.tmpl | ||
kernel-hacking.tmpl | ||
kernel-locking.tmpl | ||
libata.tmpl | ||
librs.tmpl | ||
lsm.tmpl | ||
mcabook.tmpl | ||
mtdnand.tmpl | ||
procfs-guide.tmpl | ||
procfs_example.c | ||
rapidio.tmpl | ||
s390-drivers.tmpl | ||
stylesheet.xsl | ||
uio-howto.tmpl | ||
usb.tmpl | ||
videobook.tmpl | ||
wanbook.tmpl | ||
writing_usb_driver.tmpl | ||
z8530book.tmpl |