| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Mar 2023 06:12:41 +0100
From: Lukas Bulwahn <lukas.bulwahn@...il.com>
To: Paul Moore <paul@...l-moore.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>, selinux@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org,
Lukas Bulwahn <lukas.bulwahn@...il.com>
Subject: [PATCH] selinux: clean up dead code after removing runtime disable
Commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality")
removes the config SECURITY_SELINUX_DISABLE. This results in some dead code
in lsm_hooks.h and a reference in the ABI documentation leading nowhere as
the help text is simply gone.
Remove the dead code and dead reference.
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@...il.com>
---
Paul, please pick this minor cleanup patch on top of your commit above.
.../ABI/removed/sysfs-selinux-disable | 3 ---
include/linux/lsm_hooks.h | 23 -------------------
2 files changed, 26 deletions(-)
diff --git a/Documentation/ABI/removed/sysfs-selinux-disable b/Documentation/ABI/removed/sysfs-selinux-disable
index cb783c64cab3..1ae9587231e1 100644
--- a/Documentation/ABI/removed/sysfs-selinux-disable
+++ b/Documentation/ABI/removed/sysfs-selinux-disable
@@ -24,6 +24,3 @@ Description:
SELinux at runtime. Fedora is in the process of removing the
selinuxfs "disable" node and once that is complete we will start the
slow process of removing this code from the kernel.
-
- More information on /sys/fs/selinux/disable can be found under the
- CONFIG_SECURITY_SELINUX_DISABLE Kconfig option.
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 2b04f94a31bd..ab2b2fafa4a4 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -117,29 +117,6 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
__used __section(".early_lsm_info.init") \
__aligned(sizeof(unsigned long))
-#ifdef CONFIG_SECURITY_SELINUX_DISABLE
-/*
- * Assuring the safety of deleting a security module is up to
- * the security module involved. This may entail ordering the
- * module's hook list in a particular way, refusing to disable
- * the module once a policy is loaded or any number of other
- * actions better imagined than described.
- *
- * The name of the configuration option reflects the only module
- * that currently uses the mechanism. Any developer who thinks
- * disabling their module is a good idea needs to be at least as
- * careful as the SELinux team.
- */
-static inline void security_delete_hooks(struct security_hook_list *hooks,
- int count)
-{
- int i;
-
- for (i = 0; i < count; i++)
- hlist_del_rcu(&hooks[i].list);
-}
-#endif /* CONFIG_SECURITY_SELINUX_DISABLE */
-
extern int lsm_inode_alloc(struct inode *inode);
#endif /* ! __LINUX_LSM_HOOKS_H */
--
2.17.1
Powered by blists - more mailing lists