[PATCH 18/18] LSM: Don't ignore initialization failures
Kees Cook
keescook at chromium.org
Sun Sep 16 00:30:59 UTC 2018
LSM initialization failures have traditionally been ignored. We should
at least WARN when something goes wrong.
Signed-off-by: Kees Cook <keescook at chromium.org>
---
security/security.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/security/security.c b/security/security.c
index 3b84b7eeb08c..a7796e522f72 100644
--- a/security/security.c
+++ b/security/security.c
@@ -203,11 +203,15 @@ static void __init maybe_enable_lsm(struct lsm_info *lsm)
/* If selected, initialize the LSM. */
if (enabled) {
+ int ret;
+
if (lsm->type == LSM_TYPE_EXCLUSIVE) {
exclusive = lsm;
init_debug("exclusive: %s\n", exclusive->name);
}
- lsm->init();
+
+ ret = lsm->init();
+ WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
}
}
--
2.17.1
More information about the Linux-security-module-archive
mailing list