#include <linux/skbuff.h>
#include <linux/netlink.h>
#include <linux/ptrace.h>
-
-#ifdef CONFIG_SECURITY
-
+#include <linux/moduleparam.h>
static struct security_operations capability_ops = {
.ptrace = cap_ptrace,
.vm_enough_memory = cap_vm_enough_memory,
};
-#if defined(CONFIG_SECURITY_CAPABILITIES_MODULE)
-#define MY_NAME THIS_MODULE->name
-#else
-#define MY_NAME "capability"
-#endif
+#define MY_NAME __stringify(KBUILD_MODNAME)
/* flag to keep track of how we were registered */
static int secondary;
+static int capability_disable;
+module_param_named(disable, capability_disable, int, 0);
+MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");
static int __init capability_init (void)
{
+ if (capability_disable) {
+ printk(KERN_INFO "Capabilities disabled at initialization\n");
+ return 0;
+ }
/* register ourselves with the security framework */
if (register_security (&capability_ops)) {
- printk (KERN_INFO
- "Failure registering capabilities with the kernel\n");
/* try registering with primary module */
if (mod_reg_security (MY_NAME, &capability_ops)) {
printk (KERN_INFO "Failure registering capabilities "
}
secondary = 1;
}
- printk (KERN_INFO "Capability LSM initialized\n");
+ printk (KERN_INFO "Capability LSM initialized%s\n",
+ secondary ? " as secondary" : "");
return 0;
}
static void __exit capability_exit (void)
{
+ if (capability_disable)
+ return;
/* remove ourselves from the security framework */
if (secondary) {
if (mod_unreg_security (MY_NAME, &capability_ops))
MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
MODULE_LICENSE("GPL");
-
-#endif /* CONFIG_SECURITY */
git://git.onelab.eu / linux-2.6.git / blobdiff