security: introduce CONFIG_SECURITY_WRITABLE_HOOKS - kernel

diff options

author	James Morris <[email protected]>	2017-02-14 13:17:24 +0000
committer	James Morris <[email protected]>	2017-03-06 00:00:12 +0000
commit	dd0859dccbe291cf8179a96390f5c0e45cb9af1d (patch)
tree	e7a2b67dfdb2beaa07d42a314eb142289599d381 /scripts/selinux/genheaders/genheaders.c
parent	selinux: fix kernel BUG on prlimit(..., NULL, NULL) (diff)
download	kernel-dd0859dccbe291cf8179a96390f5c0e45cb9af1d.tar.gz kernel-dd0859dccbe291cf8179a96390f5c0e45cb9af1d.zip

security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

Subsequent patches will add RO hardening to LSM hooks, however, SELinux still needs to be able to perform runtime disablement after init to handle architectures where init-time disablement via boot parameters is not feasible. Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS, and a helper macro __lsm_ro_after_init, to handle this case. Signed-off-by: James Morris <[email protected]> Acked-by: Stephen Smalley <[email protected]> Acked-by: Casey Schaufler <[email protected]> Acked-by: Kees Cook <[email protected]>

Diffstat (limited to 'scripts/selinux/genheaders/genheaders.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: