Message ID | 20250123-sysctl-kees-v1-1-533359e74d66@suse.com (mailing list archive) |
---|---|
State | New |
Series | security: Constify sysctl tables |
On Thu, Jan 23, 2025 at 04:33:34PM -0300, Ricardo B. Marliere wrote:
> Since commit 7abc9b53bd51 ("sysctl: allow registration of const struct
> ctl_table"), the sysctl registration API allows for struct ctl_table to be
> in read-only memory. Move yama_sysctl_table to be declared at build time,
> instead of having to be dynamically allocated at boot time.
>
> Cc: Thomas Weißschuh <linux@weissschuh.net>
> Suggested-by: Thomas Weißschuh <linux@weissschuh.net>
> Signed-off-by: Ricardo B. Marliere <rbm@suse.com>

Reviewed-by: Kees Cook <kees@kernel.org>
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index e1a5e13ea269d4917fe2c78cb79f1d44881653c2..54bd5f535ac1fef9409ea96ad60825f565318daf 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -454,7 +454,7 @@ static int yama_dointvec_minmax(const struct ctl_table *table, int write, static int max_scope = YAMA_SCOPE_NO_ATTACH; -static struct ctl_table yama_sysctl_table[] = { +static const struct ctl_table yama_sysctl_table[] = { { .procname = "ptrace_scope", .data = &ptrace_scope,
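Review bot: the commit message does not describe the one-line change at `yama_sysctl_table[]`. The removed line is already `static struct ctl_table yama_sysctl_table[]`, an array defined at build time, so nothing in this hunk was "dynamically allocated at boot time" and nothing is moved. Suggest rewording the message to say that the table is constified so that it can be placed in read-only memory. The handler shown in the hunk header, `yama_dointvec_minmax()`, already takes `const struct ctl_table *table`, so the handler side is consistent with the new qualifier. The registration call for this table is outside the visible context; it is worth confirming that it accepts a const table, as the cited commit 7abc9b53bd51 says the API does.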
Since commit 7abc9b53bd51 ("sysctl: allow registration of const struct
ctl_table"), the sysctl registration API allows for struct ctl_table to be
in read-only memory. Move yama_sysctl_table to be declared at build time,
instead of having to be dynamically allocated at boot time.

Cc: Thomas Weißschuh <linux@weissschuh.net>
Suggested-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Ricardo B. Marliere <rbm@suse.com>
---
 security/yama/yama_lsm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)