summaryrefslogtreecommitdiffstats
path: root/security/apparmor
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-09-14 08:17:50 +0200
committerKees Cook <keescook@chromium.org>2019-01-08 22:18:42 +0100
commitf4941d75b9cba5e1fae1aebe0139dcca0703a294 (patch)
treefca97d9b39b5291c138795b7e6262faba2dbec5b /security/apparmor
parentLSM: Plumb visibility into optional "enabled" state (diff)
downloadlinux-f4941d75b9cba5e1fae1aebe0139dcca0703a294.tar.xz
linux-f4941d75b9cba5e1fae1aebe0139dcca0703a294.zip
LSM: Lift LSM selection out of individual LSMs
As a prerequisite to adjusting LSM selection logic in the future, this moves the selection logic up out of the individual major LSMs, making their init functions only run when actually enabled. This considers all LSMs enabled by default unless they specified an external "enable" variable. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/lsm.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index a4652ff622cf..dfc5fbf8ba82 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1663,12 +1663,6 @@ static int __init apparmor_init(void)
{
int error;
- if (!apparmor_enabled || !security_module_enable("apparmor")) {
- aa_info_message("AppArmor disabled by boot time parameter");
- apparmor_enabled = false;
- return 0;
- }
-
aa_secids_init();
error = aa_setup_dfa_engine();