fedora core 6 1.2949 + vserver 2.2.0

[linux-2.6.git] / security / capability.c

diff --git a/security/capability.c b/security/capability.c
index f1e81ba..b868e7e 100644 (file)
--- a/security/capability.c
+++ b/security/capability.c
@@ -8,7 +8,6 @@
  *
  */
 
-#include <linux/config.h>
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
@@ -22,9 +21,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <linux/ptrace.h>
-
-#ifdef CONFIG_SECURITY
-
+#include <linux/moduleparam.h>
 
 static struct security_operations capability_ops = {
        .ptrace =                       cap_ptrace,
@@ -32,6 +29,7 @@ static struct security_operations capability_ops = {
        .capset_check =                 cap_capset_check,
        .capset_set =                   cap_capset_set,
        .capable =                      cap_capable,
+       .settime =                      cap_settime,
        .netlink_send =                 cap_netlink_send,
        .netlink_recv =                 cap_netlink_recv,
 
@@ -50,39 +48,41 @@ static struct security_operations capability_ops = {
        .vm_enough_memory =             cap_vm_enough_memory,
 };
 
-#if defined(CONFIG_SECURITY_CAPABILITIES_MODULE)
-#define MY_NAME THIS_MODULE->name
-#else
-#define MY_NAME "capability"
-#endif
-
 /* flag to keep track of how we were registered */
 static int secondary;
 
+static int capability_disable;
+module_param_named(disable, capability_disable, int, 0);
+MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");
 
 static int __init capability_init (void)
 {
+       if (capability_disable) {
+               printk(KERN_INFO "Capabilities disabled at initialization\n");
+               return 0;
+       }
        /* register ourselves with the security framework */
        if (register_security (&capability_ops)) {
-               printk (KERN_INFO
-                       "Failure registering capabilities with the kernel\n");
                /* try registering with primary module */
-               if (mod_reg_security (MY_NAME, &capability_ops)) {
+               if (mod_reg_security (KBUILD_MODNAME, &capability_ops)) {
                        printk (KERN_INFO "Failure registering capabilities "
                                "with primary security module.\n");
                        return -EINVAL;
                }
                secondary = 1;
        }
-       printk (KERN_INFO "Capability LSM initialized\n");
+       printk (KERN_INFO "Capability LSM initialized%s\n",
+               secondary ? " as secondary" : "");
        return 0;
 }
 
 static void __exit capability_exit (void)
 {
+       if (capability_disable)
+               return;
        /* remove ourselves from the security framework */
        if (secondary) {
-               if (mod_unreg_security (MY_NAME, &capability_ops))
+               if (mod_unreg_security (KBUILD_MODNAME, &capability_ops))
                        printk (KERN_INFO "Failure unregistering capabilities "
                                "with primary module.\n");
                return;
@@ -99,5 +99,3 @@ module_exit (capability_exit);
 
 MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
 MODULE_LICENSE("GPL");
-
-#endif /* CONFIG_SECURITY */