security: Yama LSM This adds the Yama Linux Security Module to collect DAC security improvements (specifically just ptrace restrictions for now) that have existed in various forms over the years and have been carried outside the mainline kernel by other Linux distributions like Openwall and grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 2d514487faf188938a4ee4fb3464eeecfbdcf8eb [log] [tgz]
author: Kees Cook <keescook@chromium.org> Wed Dec 21 12:17:04 2011 -0800
committer: James Morris <jmorris@namei.org> Fri Feb 10 09:18:52 2012 +1100
tree: 42147f0459ab062375f63891943242e3b95797bb
parent: 1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8 [diff] [blame]
diff --git a/security/Makefile b/security/Makefile
index a5e502f..c26c81e 100644
--- a/security/Makefile
+++ b/security/Makefile

@@ -7,6 +7,7 @@
 subdir-$(CONFIG_SECURITY_SMACK)		+= smack
 subdir-$(CONFIG_SECURITY_TOMOYO)        += tomoyo
 subdir-$(CONFIG_SECURITY_APPARMOR)	+= apparmor
+subdir-$(CONFIG_SECURITY_YAMA)		+= yama
 
 # always enable default capabilities
 obj-y					+= commoncap.o
@@ -21,6 +22,7 @@
 obj-$(CONFIG_AUDIT)			+= lsm_audit.o
 obj-$(CONFIG_SECURITY_TOMOYO)		+= tomoyo/built-in.o
 obj-$(CONFIG_SECURITY_APPARMOR)		+= apparmor/built-in.o
+obj-$(CONFIG_SECURITY_YAMA)		+= yama/built-in.o
 obj-$(CONFIG_CGROUP_DEVICE)		+= device_cgroup.o
 
 # Object integrity file lists
commit	2d514487faf188938a4ee4fb3464eeecfbdcf8eb	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Wed Dec 21 12:17:04 2011 -0800
committer	James Morris <jmorris@namei.org>	Fri Feb 10 09:18:52 2012 +1100
tree	42147f0459ab062375f63891943242e3b95797bb
parent	1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8 [diff] [blame]