2005-04-16 15:20:36 -07:00
/*
* Capabilities Linux Security Module
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
*/
# include <linux/module.h>
# include <linux/init.h>
# include <linux/kernel.h>
# include <linux/security.h>
# include <linux/file.h>
# include <linux/mm.h>
# include <linux/mman.h>
# include <linux/pagemap.h>
# include <linux/swap.h>
# include <linux/smp_lock.h>
# include <linux/skbuff.h>
# include <linux/netlink.h>
# include <linux/ptrace.h>
# include <linux/moduleparam.h>
static struct security_operations capability_ops = {
. ptrace = cap_ptrace ,
. capget = cap_capget ,
. capset_check = cap_capset_check ,
. capset_set = cap_capset_set ,
. capable = cap_capable ,
. settime = cap_settime ,
. netlink_send = cap_netlink_send ,
. netlink_recv = cap_netlink_recv ,
. bprm_apply_creds = cap_bprm_apply_creds ,
. bprm_set_security = cap_bprm_set_security ,
. bprm_secureexec = cap_bprm_secureexec ,
. inode_setxattr = cap_inode_setxattr ,
. inode_removexattr = cap_inode_removexattr ,
. task_post_setuid = cap_task_post_setuid ,
. task_reparent_to_init = cap_task_reparent_to_init ,
. syslog = cap_syslog ,
. vm_enough_memory = cap_vm_enough_memory ,
} ;
/* flag to keep track of how we were registered */
static int secondary ;
static int capability_disable ;
module_param_named ( disable , capability_disable , int , 0 ) ;
MODULE_PARM_DESC ( disable , " To disable capabilities module set disable = 1 " ) ;
static int __init capability_init ( void )
{
if ( capability_disable ) {
printk ( KERN_INFO " Capabilities disabled at initialization \n " ) ;
return 0 ;
}
/* register ourselves with the security framework */
if ( register_security ( & capability_ops ) ) {
/* try registering with primary module */
2006-01-06 21:17:50 +01:00
if ( mod_reg_security ( KBUILD_MODNAME , & capability_ops ) ) {
2005-04-16 15:20:36 -07:00
printk ( KERN_INFO " Failure registering capabilities "
" with primary security module. \n " ) ;
return - EINVAL ;
}
secondary = 1 ;
}
printk ( KERN_INFO " Capability LSM initialized%s \n " ,
secondary ? " as secondary " : " " ) ;
return 0 ;
}
static void __exit capability_exit ( void )
{
if ( capability_disable )
return ;
/* remove ourselves from the security framework */
if ( secondary ) {
2006-01-06 21:17:50 +01:00
if ( mod_unreg_security ( KBUILD_MODNAME , & capability_ops ) )
2005-04-16 15:20:36 -07:00
printk ( KERN_INFO " Failure unregistering capabilities "
" with primary module. \n " ) ;
return ;
}
if ( unregister_security ( & capability_ops ) ) {
printk ( KERN_INFO
" Failure unregistering capabilities with the kernel \n " ) ;
}
}
security_initcall ( capability_init ) ;
module_exit ( capability_exit ) ;
MODULE_DESCRIPTION ( " Standard Linux Capabilities Security Module " ) ;
MODULE_LICENSE ( " GPL " ) ;