The patch titled selinux: Clear selinux_enabled flag upon runtime disable has been added to the -mm tree. Its filename is selinux-clear-selinux_enabled-flag-upon-runtime-disable.patch See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this From: Stephen Smalley <sds@xxxxxxxxxxxxx> Clear selinux_enabled flag upon runtime disable of SELinux by userspace, and make sure it is defined even if selinux= boot parameter support is not enabled in configuration. Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> Acked-by: James Morris <jmorris@xxxxxxxxx> Cc: "Jon Smirl" <jonsmirl@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- security/selinux/hooks.c | 3 +++ security/selinux/include/security.h | 5 ----- 2 files changed, 3 insertions(+), 5 deletions(-) diff -puN security/selinux/hooks.c~selinux-clear-selinux_enabled-flag-upon-runtime-disable security/selinux/hooks.c --- devel/security/selinux/hooks.c~selinux-clear-selinux_enabled-flag-upon-runtime-disable 2006-05-03 18:38:15.000000000 -0700 +++ devel-akpm/security/selinux/hooks.c 2006-05-03 18:38:15.000000000 -0700 @@ -101,6 +101,8 @@ static int __init selinux_enabled_setup( return 1; } __setup("selinux=", selinux_enabled_setup); +#else +int selinux_enabled = 1; #endif /* Original (dummy) security module. */ @@ -4535,6 +4537,7 @@ int selinux_disable(void) printk(KERN_INFO "SELinux: Disabled at runtime.\n"); selinux_disabled = 1; + selinux_enabled = 0; /* Reset security_ops to the secondary module, dummy or capability. */ security_ops = secondary_ops; diff -puN security/selinux/include/security.h~selinux-clear-selinux_enabled-flag-upon-runtime-disable security/selinux/include/security.h --- devel/security/selinux/include/security.h~selinux-clear-selinux_enabled-flag-upon-runtime-disable 2006-05-03 18:38:15.000000000 -0700 +++ devel-akpm/security/selinux/include/security.h 2006-05-03 18:38:15.000000000 -0700 
@@ -29,12 +29,7 @@ #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE #define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB -#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM extern int selinux_enabled; -#else -#define selinux_enabled 1 -#endif - extern int selinux_mls_enabled; int security_load_policy(void * data, size_t len); _ Patches currently in -mm which might be from sds@xxxxxxxxxxxxx are selinux-clear-selinux_enabled-flag-upon-runtime-disable.patch proc-cleanup-proc_fd_access_allowed.patch
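Review bot: In the first hooks.c hunk (@@ -101,6 +101,8), the added `#else` / `int selinux_enabled = 1;` carries no comment saying which condition it is the alternative to, or why a real variable is needed when selinux= boot parameter support is compiled out. Since the flag is now written at run time, a one-line comment here noting that selinux_disable() clears it, plus a trailing comment on the `#endif` naming the config option, would make the pairing with the security.h change obvious to the next reader.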
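Review bot: In the selinux_disable() hunk of hooks.c (@@ -4535,6 +4537,7), `selinux_enabled = 0;` is a plain store placed directly after `selinux_disabled = 1;`, so two globals now encode overlapping state and nothing in the hunk says how they differ or what ordering readers may assume relative to the following `security_ops = secondary_ops;`. Please add a comment stating what each flag means after a runtime disable, and say in the changelog whether code that tests selinux_enabled can run concurrently with this function and tolerate briefly seeing the old value.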
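Review bot: In the security.h hunk (@@ -29,12 +29,7), dropping `#define selinux_enabled 1` means every test of selinux_enabled in builds without CONFIG_SECURITY_SELINUX_BOOTPARAM changes from a compile-time constant to a load of a writable variable, so branches the compiler previously discarded become live code. The changelog should name the callers this is intended to affect, and the now unconditional `extern int selinux_enabled;` deserves a comment that the flag is also cleared on runtime disable. The hunk also deletes the blank line before `extern int selinux_mls_enabled;`; keeping it would preserve the visual grouping.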