Commit 30d55280 authored by Stephen Smalley's avatar Stephen Smalley Committed by Linus Torvalds

[PATCH] selinux: Clear selinux_enabled flag upon runtime disable.

Clear selinux_enabled flag upon runtime disable of SELinux by userspace,
and make sure it is defined even if selinux= boot parameter support is
not enabled in configuration.
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Acked-by: default avatarJames Morris <jmorris@namei.org>
Tested-by: default avatarJon Smirl <jonsmirl@gmail.com>
Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent e17df688
...@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(char *str) ...@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(char *str)
return 1; return 1;
} }
__setup("selinux=", selinux_enabled_setup); __setup("selinux=", selinux_enabled_setup);
#else
int selinux_enabled = 1;
#endif #endif
/* Original (dummy) security module. */ /* Original (dummy) security module. */
...@@ -4535,6 +4537,7 @@ int selinux_disable(void) ...@@ -4535,6 +4537,7 @@ int selinux_disable(void)
printk(KERN_INFO "SELinux: Disabled at runtime.\n"); printk(KERN_INFO "SELinux: Disabled at runtime.\n");
selinux_disabled = 1; selinux_disabled = 1;
selinux_enabled = 0;
/* Reset security_ops to the secondary module, dummy or capability. */ /* Reset security_ops to the secondary module, dummy or capability. */
security_ops = secondary_ops; security_ops = secondary_ops;
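Review bot: The added `selinux_enabled = 0;` in selinux_disable() is a plain store placed between `selinux_disabled = 1;` and `security_ops = secondary_ops;`, and nothing visible in the hunk orders these writes for other CPUs, so a concurrent reader could see the hooks reset while `selinux_enabled` still reads 1, or the reverse. The function starts and ends outside the hunk, so serialization may already exist there; if it does, say so next to the stores, e.g. `/* Serialized by <lock held by caller>; flag and security_ops change together. */`. It would also help to document why both `selinux_disabled` and `selinux_enabled` are kept, since after this change they carry overlapping state and a later edit could update one and miss the other.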
......
...@@ -29,12 +29,7 @@ ...@@ -29,12 +29,7 @@
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB #define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
extern int selinux_enabled; extern int selinux_enabled;
#else
#define selinux_enabled 1
#endif
extern int selinux_mls_enabled; extern int selinux_mls_enabled;
int security_load_policy(void * data, size_t len); int security_load_policy(void * data, size_t len);
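Review bot: Dropping the `#define selinux_enabled 1` fallback makes `selinux_enabled` an ordinary writable `int` in every configuration, so in builds without CONFIG_SECURITY_SELINUX_BOOTPARAM a test of it is no longer a compile-time constant and its outcome now rests on one word of kernel data. The now-unconditional `extern int selinux_enabled;` should carry a comment stating the intended writers, for example `/* Set from selinux= at boot or defaults to 1; cleared only by selinux_disable(). */`. Whether any other code assigns it is not visible on this page, so that is worth confirming before the comment is made authoritative.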