This change has two goals:
- delay the setting of 'smack_enabled' until
it will be really effective
- ensure that smackfs is valid only if 'smack_enabled'
is set (it is already the case in smack_netfilter.c)
Signed-off-by: José Bollo <jose.bo...@iot.bzh>
---
security/smack/smack_lsm.c | 4 ++--
security/smack/smackfs.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 996c889..dd0f0a6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4708,8 +4708,6 @@ static __init int smack_init(void)
if (!security_module_enable("smack"))
return 0;
- smack_enabled = 1;
-
smack_inode_cache = KMEM_CACHE(inode_smack, 0);
if (!smack_inode_cache)
return -ENOMEM;
@@ -4721,6 +4719,8 @@ static __init int smack_init(void)
return -ENOMEM;
}
+ smack_enabled = 1;
+
pr_info("Smack: Initializing.\n");
#ifdef CONFIG_SECURITY_SMACK_NETFILTER
pr_info("Smack: Netfilter enabled.\n");
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c20b154..d2bb5ee 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2892,7 +2892,7 @@ static int __init init_smk_fs(void)
int err;
int rc;
- if (!security_module_enable("smack"))
+ if (smack_enabled == 0)
return 0;
err = smk_init_sysfs();
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
