From fc03c6008052aa85f1d88a0c53ddc837491c1602 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Thu, 5 May 2016 16:28:24 +0800
Subject: [PATCH] Remove BSD-style securelevel sysfs file

Patch-mainline: never, SUSE specific
References: fate#320387

The BSD-style securelevel patches were not accepted by kernel upstream, but
I think it is still better for those secure boot lock down patches to align
with the patches in Matthew's linux-mjg59 git tree. This patch removes the
securelevel sysfs file so that userspace can not pull up securelevel.

Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
 security/securelevel.c |   70 -------------------------------------------------
 1 file changed, 70 deletions(-)

--- a/security/securelevel.c
+++ b/security/securelevel.c
@@ -44,73 +44,3 @@ out:
 	return ret;
 }
 EXPORT_SYMBOL(set_securelevel);
-
-static ssize_t securelevel_read(struct file *filp, char __user *buf,
-				size_t count, loff_t *ppos)
-{
-	char tmpbuf[12];
-	ssize_t length;
-
-	length = scnprintf(tmpbuf, sizeof(tmpbuf), "%d", securelevel);
-	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
-}
-
-static ssize_t securelevel_write(struct file *file, const char __user *buf,
-				 size_t count, loff_t *ppos)
-{
-	char *page = NULL;
-	ssize_t length;
-	int new_securelevel;
-
-	length = -ENOMEM;
-	if (count >= PAGE_SIZE)
-		goto out;
-
-	length = -EINVAL;
-	if (*ppos != 0)
-		goto out;
-
-	length = -ENOMEM;
-	page = (char *)get_zeroed_page(GFP_KERNEL);
-	if (!page)
-		goto out;
-
-	length = -EFAULT;
-	if (copy_from_user(page, buf, count))
-		goto out;
-
-	length = -EINVAL;
-	if (sscanf(page, "%d", &new_securelevel) != 1)
-		goto out;
-
-	length = set_securelevel(new_securelevel);
-	if (length)
-		goto out;
-
-	length = count;
-out:
-	free_page((unsigned long) page);
-	return length;
-}
-
-static const struct file_operations securelevel_fops = {
-	.read 	= securelevel_read,
-	.write 	= securelevel_write,
-	.llseek	= generic_file_llseek,
-};
-
-static __init int setup_securelevel(void)
-{
-	struct dentry *securelevel_file;
-
-	securelevel_file = securityfs_create_file("securelevel",
-						  S_IWUSR | S_IRUGO,
-						  NULL, NULL,
-						  &securelevel_fops);
-
-	if (IS_ERR(securelevel_file))
-		return PTR_ERR(securelevel_file);
-
-	return 0;
-}
-late_initcall(setup_securelevel);