X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fcapability.c;h=532023c652caa6f7c7f69a8faafcf336c0530750;hb=5237fac468d9ad78bc9c09d26426b3425b876540;hp=f1e81ba6b79d48516610e0e79e0ed7abb2bd1586;hpb=86090fcac5e27b630656fe3d963a6b80e26dac44;p=linux-2.6.git

diff --git a/security/capability.c b/security/capability.c
index f1e81ba6b..532023c65 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -22,9 +22,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <linux/ptrace.h>
-
-#ifdef CONFIG_SECURITY
-
+#include <linux/moduleparam.h>
 
 static struct security_operations capability_ops = {
 	.ptrace =			cap_ptrace,
@@ -50,22 +48,23 @@ static struct security_operations capability_ops = {
 	.vm_enough_memory =             cap_vm_enough_memory,
 };
 
-#if defined(CONFIG_SECURITY_CAPABILITIES_MODULE)
-#define MY_NAME THIS_MODULE->name
-#else
-#define MY_NAME "capability"
-#endif
+#define MY_NAME __stringify(KBUILD_MODNAME)
 
 /* flag to keep track of how we were registered */
 static int secondary;
 
+static int capability_disable;
+module_param_named(disable, capability_disable, int, 0);
+MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");
 
 static int __init capability_init (void)
 {
+	if (capability_disable) {
+		printk(KERN_INFO "Capabilities disabled at initialization\n");
+		return 0;
+	}
 	/* register ourselves with the security framework */
 	if (register_security (&capability_ops)) {
-		printk (KERN_INFO
-			"Failure registering capabilities with the kernel\n");
 		/* try registering with primary module */
 		if (mod_reg_security (MY_NAME, &capability_ops)) {
 			printk (KERN_INFO "Failure registering capabilities "
@@ -74,12 +73,15 @@ static int __init capability_init (void)
 		}
 		secondary = 1;
 	}
-	printk (KERN_INFO "Capability LSM initialized\n");
+	printk (KERN_INFO "Capability LSM initialized%s\n",
+		secondary ? " as secondary" : "");
 	return 0;
 }
 
 static void __exit capability_exit (void)
 {
+	if (capability_disable)
+		return;
 	/* remove ourselves from the security framework */
 	if (secondary) {
 		if (mod_unreg_security (MY_NAME, &capability_ops))
@@ -99,5 +101,3 @@ module_exit (capability_exit);
 
 MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
 MODULE_LICENSE("GPL");
-
-#endif	/* CONFIG_SECURITY */