diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2020-06-30 09:24:22 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2020-06-30 09:24:22 -0500 |
| commit | d176dfce22f5ead7a6018edb69757bc8840cc008 (patch) | |
| tree | aa15398098e0f20a9fb643441ec8443b2ffd6328 /0001-security-lockdown-expose-a-hook-to-lock-the-kernel-d.patch | |
| parent | 61b5e2fd06a4be7134afb1cd363002e015123f7f (diff) | |
| download | kernel-d176dfce22f5ead7a6018edb69757bc8840cc008.tar.gz kernel-d176dfce22f5ead7a6018edb69757bc8840cc008.tar.xz kernel-d176dfce22f5ead7a6018edb69757bc8840cc008.zip | |
kernel-5.8.0-0.rc3.20200630git7c30b859a947.1
* Tue Jun 30 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.8.0-0.rc3.20200630git7c30b859a947.1]
- 7c30b859a947 rebase
- Updated changelog for the release based on v5.8-rc3 (Fedora Kernel Team)
Resolves: rhbz#
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Diffstat (limited to '0001-security-lockdown-expose-a-hook-to-lock-the-kernel-d.patch')
| -rw-r--r-- | 0001-security-lockdown-expose-a-hook-to-lock-the-kernel-d.patch | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-d.patch b/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-d.patch index 9ff44e79b..3b44f9801 100644 --- a/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-d.patch +++ b/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-d.patch @@ -22,11 +22,11 @@ index 6791813cd439..501e14cff79c 100644 +++ b/include/linux/lsm_hook_defs.h @@ -383,6 +383,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux) #endif /* CONFIG_BPF_SYSCALL */ - + LSM_HOOK(int, 0, locked_down, enum lockdown_reason what) +LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level) + - + #ifdef CONFIG_PERF_EVENTS LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h @@ -56,7 +56,7 @@ index 0a0a03b36a3b..26869f44416b 100644 int security_locked_down(enum lockdown_reason what); +int security_lock_kernel_down(const char *where, enum lockdown_reason level); #else /* CONFIG_SECURITY */ - + static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1291,6 +1292,10 @@ static inline int security_locked_down(enum lockdown_reason what) { @@ -67,19 +67,19 @@ index 0a0a03b36a3b..26869f44416b 100644 + return 0; +} #endif /* CONFIG_SECURITY */ - + #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 87cbdc64d272..18555cf18da7 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what) - + static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), + LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down), }; - + static int __init lockdown_lsm_init(void) diff --git a/security/security.c b/security/security.c index 0ce3e73edd42..8fe9a9911261 100644 @@ -88,7 +88,7 @@ index 0ce3e73edd42..8fe9a9911261 100644 @@ -2501,6 +2501,12 @@ int security_locked_down(enum lockdown_reason what) } EXPORT_SYMBOL(security_locked_down); - + +int security_lock_kernel_down(const char *where, enum lockdown_reason level) +{ + return call_int_hook(lock_kernel_down, 0, where, level); @@ -99,5 +99,5 @@ index 0ce3e73edd42..8fe9a9911261 100644 int security_perf_event_open(struct perf_event_attr *attr, int type) { -- -2.25.4 +2.26.2 |