security: remove dummy module

Remove the dummy module and make the "capability" module the default. Compile and boot tested. Signed-off-by: N Miklos Szeredi <mszeredi@suse.cz> Acked-by: N Serge Hallyn <serue@us.ibm.com> Signed-off-by: N James Morris <jmorris@namei.org>

security: remove dummy module
Remove the dummy module and make the "capability" module the default. Compile and boot tested. Signed-off-by: N Miklos Szeredi <mszeredi@suse.cz> Acked-by: N Serge Hallyn <serue@us.ibm.com> Signed-off-by: N James Morris <jmorris@namei.org>
5915eb53 · Miklos Szeredi · James Morris · b478a9f9 · 5915eb53 · 5915eb53
5 changed file
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -73,17 +73,9 @@ config SECURITY_NETWORK_XFRM
 	  IPSec.
 	  If you are unsure how to answer this question, answer N.
-config SECURITY_CAPABILITIES
-	bool "Default Linux Capabilities"
-	depends on SECURITY
-	default y
-	help
-	  This enables the "default" Linux capabilities functionality.
-	  If you are unsure how to answer this question, answer Y.
 config SECURITY_FILE_CAPABILITIES
 	bool "File POSIX Capabilities (EXPERIMENTAL)"
-	depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL
+	depends on SECURITY && EXPERIMENTAL
 	default n
 	help
 	  This enables filesystem capabilities, allowing you to give

--- a/security/Makefile
+++ b/security/Makefile
@@ -6,16 +6,13 @@ obj-$(CONFIG_KEYS)			+= keys/
 subdir-$(CONFIG_SECURITY_SELINUX)	+= selinux
 subdir-$(CONFIG_SECURITY_SMACK)		+= smack
-# if we don't select a security model, use the default capabilities
+# always enable default capabilities
-ifneq ($(CONFIG_SECURITY),y)
 obj-y		+= commoncap.o
-endif
 # Object file lists
-obj-$(CONFIG_SECURITY)			+= security.o dummy.o inode.o
+obj-$(CONFIG_SECURITY)			+= security.o capability.o inode.o
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/built-in.o
-obj-$(CONFIG_SECURITY_SMACK)		+= commoncap.o smack/built-in.o
+obj-$(CONFIG_SECURITY_SMACK)		+= smack/built-in.o
-obj-$(CONFIG_SECURITY_CAPABILITIES)	+= commoncap.o capability.o
+obj-$(CONFIG_SECURITY_ROOTPLUG)		+= root_plug.o
-obj-$(CONFIG_SECURITY_ROOTPLUG)		+= commoncap.o root_plug.o
 obj-$(CONFIG_CGROUP_DEVICE)		+= device_cgroup.o
--- a/security/capability.c
+++ b/security/capability.c
--- a/security/dummy.c
+++ b/security/dummy.c
--- a/security/security.c
+++ b/security/security.c
@@ -20,8 +20,8 @@
 /* Boot-time LSM user choice */
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
-/* things that live in dummy.c */
+/* things that live in capability.c */
-extern struct security_operations dummy_security_ops;
+extern struct security_operations default_security_ops;
 extern void security_fixup_ops(struct security_operations *ops);
 struct security_operations *security_ops;	/* Initialized to NULL */
@@ -57,13 +57,8 @@ int __init security_init(void)
 {
 	printk(KERN_INFO "Security Framework initialized\n");
-	if (verify(&dummy_security_ops)) {
+	security_fixup_ops(&default_security_ops);
-		printk(KERN_ERR "%s could not verify "
+	security_ops = &default_security_ops;
-		       "dummy_security_ops structure.\n", __func__);
-		return -EIO;
-	}
-	security_ops = &dummy_security_ops;
 	do_security_initcalls();
 	return 0;
@@ -122,7 +117,7 @@ int register_security(struct security_operations *ops)
 		return -EINVAL;
 	}
-	if (security_ops != &dummy_security_ops)
+	if (security_ops != &default_security_ops)
 		return -EAGAIN;
 	security_ops = ops;