summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2016-05-17 01:45:52 -0700
committerJames Morris <james.l.morris@oracle.com>2016-05-17 20:10:30 +1000
commitb937190c40de0f6f07f592042e3097b16c6b0130 (patch)
tree3c30684e605efa39d85d69b88ae4af3df7ce6d9c
parenta6926cc989eb8e3349ae9b858177608e86f7257c (diff)
downloadlinux-b937190c40de0f6f07f592042e3097b16c6b0130.tar.bz2
LSM: LoadPin: provide enablement CONFIG
Instead of being enabled by default when SECURITY_LOADPIN is selected, provide an additional (default off) config to determine the boot time behavior. As before, the "loadpin.enabled=0/1" kernel parameter remains available. Suggested-by: James Morris <jmorris@namei.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com>
-rw-r--r--security/loadpin/Kconfig19
-rw-r--r--security/loadpin/loadpin.c2
2 files changed, 15 insertions, 6 deletions
diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
index c668ac4eda65..dd01aa91e521 100644
--- a/security/loadpin/Kconfig
+++ b/security/loadpin/Kconfig
@@ -3,8 +3,17 @@ config SECURITY_LOADPIN
depends on SECURITY && BLOCK
help
Any files read through the kernel file reading interface
- (kernel modules, firmware, kexec images, security policy) will
- be pinned to the first filesystem used for loading. Any files
- that come from other filesystems will be rejected. This is best
- used on systems without an initrd that have a root filesystem
- backed by a read-only device such as dm-verity or a CDROM.
+ (kernel modules, firmware, kexec images, security policy)
+ can be pinned to the first filesystem used for loading. When
+ enabled, any files that come from other filesystems will be
+ rejected. This is best used on systems without an initrd that
+ have a root filesystem backed by a read-only device such as
+ dm-verity or a CDROM.
+
+config SECURITY_LOADPIN_ENABLED
+ bool "Enforce LoadPin at boot"
+ depends on SECURITY_LOADPIN
+ help
+ If selected, LoadPin will enforce pinning at boot. If not
+ selected, it can be enabled at boot with the kernel parameter
+ "loadpin.enabled=1".
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index e4debae3c4d6..89a46f10b8a7 100644
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -45,7 +45,7 @@ static void report_load(const char *origin, struct file *file, char *operation)
kfree(pathname);
}
-static int enabled = 1;
+static int enabled = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENABLED);
static struct super_block *pinned_root;
static DEFINE_SPINLOCK(pinned_root_spinlock);