aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2006-05-03 10:52:36 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-05-03 10:08:11 -0700
commit30d55280b867aa0cae99f836ad0181bb0bf8f9cb (patch)
tree8df537addd3709f36f24dbd654662568b79ca943
parente17df688f7064dae1417ce425dd1e4b71d24d63b (diff)
[PATCH] selinux: Clear selinux_enabled flag upon runtime disable.
Clear selinux_enabled flag upon runtime disable of SELinux by userspace, and make sure it is defined even if selinux= boot parameter support is not enabled in configuration. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Tested-by: Jon Smirl <jonsmirl@gmail.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/hooks.c3
-rw-r--r--security/selinux/include/security.h5
2 files changed, 3 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3cf368a1644..d987048d3f3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(char *str)
return 1;
}
__setup("selinux=", selinux_enabled_setup);
+#else
+int selinux_enabled = 1;
#endif
/* Original (dummy) security module. */
@@ -4535,6 +4537,7 @@ int selinux_disable(void)
printk(KERN_INFO "SELinux: Disabled at runtime.\n");
selinux_disabled = 1;
+ selinux_enabled = 0;
/* Reset security_ops to the secondary module, dummy or capability. */
security_ops = secondary_ops;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 5f016c98056..063af47bb23 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -29,12 +29,7 @@
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB
-#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
extern int selinux_enabled;
-#else
-#define selinux_enabled 1
-#endif
-
extern int selinux_mls_enabled;
int security_load_policy(void * data, size_t len);