| Message ID | 20230310085401.1964889-3-roberto.sassu@huaweicloud.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | security: Always enable integrity LSM | expand |
On Fri, 2023-03-10 at 09:54 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@huawei.com> > > With the recent introduction of LSM_ORDER_LAST, the 'integrity' LSM is > always initialized (if selected in the kernel configuration) and the > iint_cache is always created (the kernel panics on error). Thus, the > additional check of iint_cache in integrity_inode_get() is no longer > necessary. If the 'integrity' LSM is not selected in the kernel > configuration, integrity_inode_get() just returns NULL. > > This reverts commit 92063f3ca73aab794bd5408d3361fd5b5ea33079. > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Acked-by: Mimi Zohar <zohar@linux.ibm.com>
diff --git a/security/integrity/iint.c b/security/integrity/iint.c index b97eb59e0e3..c73858e8c6d 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -98,14 +98,6 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode) struct rb_node *node, *parent = NULL; struct integrity_iint_cache *iint, *test_iint; - /* - * The integrity's "iint_cache" is initialized at security_init(), - * unless it is not included in the ordered list of LSMs enabled - * on the boot command line. - */ - if (!iint_cache) - panic("%s: lsm=integrity required.\n", __func__); - iint = integrity_iint_find(inode); if (iint) return iint;