X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fcapability.c;h=ec18d60756251ff8e562eb16e4c1a83c22b490a9;hb=6a77f38946aaee1cd85eeec6cf4229b204c15071;hp=f1e81ba6b79d48516610e0e79e0ed7abb2bd1586;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git

diff --git a/security/capability.c b/security/capability.c
index f1e81ba6b..ec18d6075 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -22,9 +22,7 @@
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
 #include <linux/ptrace.h>
-
-#ifdef CONFIG_SECURITY
-
+#include <linux/moduleparam.h>
 
 static struct security_operations capability_ops = {
 	.ptrace =			cap_ptrace,
@@ -32,6 +30,7 @@ static struct security_operations capability_ops = {
 	.capset_check =			cap_capset_check,
 	.capset_set =			cap_capset_set,
 	.capable =			cap_capable,
+	.settime =			cap_settime,
 	.netlink_send =			cap_netlink_send,
 	.netlink_recv =			cap_netlink_recv,
 
@@ -50,22 +49,23 @@ static struct security_operations capability_ops = {
 	.vm_enough_memory =             cap_vm_enough_memory,
 };
 
-#if defined(CONFIG_SECURITY_CAPABILITIES_MODULE)
-#define MY_NAME THIS_MODULE->name
-#else
-#define MY_NAME "capability"
-#endif
+#define MY_NAME __stringify(KBUILD_MODNAME)
 
 /* flag to keep track of how we were registered */
 static int secondary;
 
+static int capability_disable;
+module_param_named(disable, capability_disable, int, 0);
+MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");
 
 static int __init capability_init (void)
 {
+	if (capability_disable) {
+		printk(KERN_INFO "Capabilities disabled at initialization\n");
+		return 0;
+	}
 	/* register ourselves with the security framework */
 	if (register_security (&capability_ops)) {
-		printk (KERN_INFO
-			"Failure registering capabilities with the kernel\n");
 		/* try registering with primary module */
 		if (mod_reg_security (MY_NAME, &capability_ops)) {
 			printk (KERN_INFO "Failure registering capabilities "
@@ -74,12 +74,15 @@ static int __init capability_init (void)
 		}
 		secondary = 1;
 	}
-	printk (KERN_INFO "Capability LSM initialized\n");
+	printk (KERN_INFO "Capability LSM initialized%s\n",
+		secondary ? " as secondary" : "");
 	return 0;
 }
 
 static void __exit capability_exit (void)
 {
+	if (capability_disable)
+		return;
 	/* remove ourselves from the security framework */
 	if (secondary) {
 		if (mod_unreg_security (MY_NAME, &capability_ops))
@@ -99,5 +102,3 @@ module_exit (capability_exit);
 
 MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
 MODULE_LICENSE("GPL");
-
-#endif	/* CONFIG_SECURITY */