summaryrefslogtreecommitdiffstats
path: root/security/apparmor/lsm.c
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-09-20 04:57:06 +0200
committerKees Cook <keescook@chromium.org>2019-01-08 22:18:43 +0100
commit14bd99c821f7ace0e8110a1bfdfaa27e1788e20f (patch)
treea5feee1ff6b832eaffef89d1bde995e0574723e2 /security/apparmor/lsm.c
parentLSM: Refactor "security=" in terms of enable/disable (diff)
downloadlinux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.tar.xz
linux-14bd99c821f7ace0e8110a1bfdfaa27e1788e20f.zip
LSM: Separate idea of "major" LSM from "exclusive" LSM
In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/apparmor/lsm.c')
-rw-r--r--security/apparmor/lsm.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index dfc5fbf8ba82..149a3e16b5da 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1723,7 +1723,7 @@ alloc_out:
DEFINE_LSM(apparmor) = {
.name = "apparmor",
- .flags = LSM_FLAG_LEGACY_MAJOR,
+ .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
.enabled = &apparmor_enabled,
.init = apparmor_init,
};