Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 36 | ||||
-rw-r--r-- | init/do_mounts.c | 2 | ||||
-rw-r--r-- | init/do_mounts_rd.c | 12 | ||||
-rw-r--r-- | init/main.c | 56 |
4 files changed, 32 insertions, 74 deletions
diff --git a/init/Kconfig b/init/Kconfig index 79383d3..3ecd8a1 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -284,7 +284,7 @@ config AUDIT config AUDITSYSCALL bool "Enable system-call auditing support" - depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) + depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT)) default y if SECURITY_SELINUX help Enable low-overhead system-call auditing infrastructure that @@ -301,6 +301,20 @@ config AUDIT_TREE depends on AUDITSYSCALL select FSNOTIFY +config AUDIT_LOGINUID_IMMUTABLE + bool "Make audit loginuid immutable" + depends on AUDIT + help + The config option toggles if a task setting its loginuid requires + CAP_SYS_AUDITCONTROL or if that task should require no special permissions + but should instead only allow setting its loginuid if it was never + previously set. On systems which use systemd or a similar central + process to restart login services this should be set to true. On older + systems in which an admin would typically have to directly stop and + start processes this should be set to false. Setting this to true allows + one to drop potentially dangerous capabilites from the login tasks, + but may not be backwards compatible with older init systems. + source "kernel/irq/Kconfig" source "kernel/time/Kconfig" @@ -340,8 +354,7 @@ config VIRT_CPU_ACCOUNTING_NATIVE config VIRT_CPU_ACCOUNTING_GEN bool "Full dynticks CPU time accounting" - depends on HAVE_CONTEXT_TRACKING - depends on HAVE_VIRT_CPU_ACCOUNTING_GEN + depends on HAVE_CONTEXT_TRACKING && 64BIT select VIRT_CPU_ACCOUNTING select CONTEXT_TRACKING help @@ -831,7 +844,7 @@ config NUMA_BALANCING_DEFAULT_ENABLED default y depends on NUMA_BALANCING help - If set, automatic NUMA balancing will be enabled if running on a NUMA + If set, autonumic NUMA balancing will be enabled if running on a NUMA machine. config NUMA_BALANCING 
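Review bot: The help text of the new `AUDIT_LOGINUID_IMMUTABLE` entry names `CAP_SYS_AUDITCONTROL`, which is not a Linux capability; the capability that gates audit configuration is `CAP_AUDIT_CONTROL`. An administrator who uses this text to decide which capabilities to strip from login services needs the exact name, so the first sentence should read `... if a task setting its loginuid requires CAP_AUDIT_CONTROL or if that task should require no special permissions`. The same paragraph misspells "capabilities" as `capabilites`. It would also help to say outright that with the option enabled a loginuid, once set, cannot be changed again by the task, since that is the property the option name promises.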
@@ -842,7 +855,7 @@ config NUMA_BALANCING help This option adds support for automatic NUMA aware memory/task placement. The mechanism is quite primitive and is based on migrating memory when - it has references to the node the task is running on. + it is references to the node the task is running on. This system will be inactive on UMA systems. @@ -1655,18 +1668,6 @@ config BASE_SMALL default 0 if BASE_FULL default 1 if !BASE_FULL -config SYSTEM_TRUSTED_KEYRING - bool "Provide system-wide ring of trusted keys" - depends on KEYS - help - Provide a system keyring to which trusted keys can be added. Keys in - the keyring are considered to be trusted. Keys may be added at will - by the kernel from compiled-in data and from hardware key stores, but - userspace may only add extra keys if those keys can be verified by - keys already in the keyring. - - Keys in this keyring are used by module signature checking. - menuconfig MODULES bool "Enable loadable module support" option modules @@ -1740,7 +1741,6 @@ config MODULE_SRCVERSION_ALL config MODULE_SIG bool "Module signature verification" depends on MODULES - select SYSTEM_TRUSTED_KEYRING select KEYS select CRYPTO select ASYMMETRIC_KEY_TYPE diff --git a/init/do_mounts.c b/init/do_mounts.c index 8e5addc..a51cddc 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -197,8 +197,6 @@ done: * is a zero-filled hex representation of the 1-based partition number. * 7) PARTUUID=<UUID>/PARTNROFF=<int> to select a partition in relation to * a partition with a known unique id. - * 8) <major>:<minor> major and minor number of the device separated by - * a colon. * * If name doesn't have fall into the categories above, we return (0,0). * block_class is used to check if something is a disk name. If the disk diff --git a/init/do_mounts_rd.c b/init/do_mounts_rd.c index 7c098ac..6be2879 100644 --- a/init/do_mounts_rd.c +++ b/init/do_mounts_rd.c 
@@ -57,11 +57,6 @@ static int __init crd_load(int in_fd, int out_fd, decompress_fn deco); * cramfs * squashfs * gzip - * bzip2 - * lzma - * xz - * lzo - * lz4 */ static int __init identify_ramdisk_image(int fd, int start_block, decompress_fn *decompressor) @@ -347,13 +342,6 @@ static int __init crd_load(int in_fd, int out_fd, decompress_fn deco) int result; crd_infd = in_fd; crd_outfd = out_fd; - - if (!deco) { - pr_emerg("Invalid ramdisk decompression routine. " - "Select appropriate config option.\n"); - panic("Could not decompress initial ramdisk image."); - } - result = deco(NULL, 0, compr_fill, compr_flush, NULL, NULL, error); if (decompress_error) result = 1; diff --git a/init/main.c b/init/main.c index febc511..63d3e8f 100644 --- a/init/main.c +++ b/init/main.c @@ -124,6 +124,7 @@ EXPORT_SYMBOL(system_state); extern void time_init(void); /* Default late time init is NULL. archs can override this later. */ void (*__initdata late_time_init)(void); +extern void softirq_init(void); /* Untouched command line saved by arch-specific code. */ char __initdata boot_command_line[COMMAND_LINE_SIZE]; @@ -131,20 +132,11 @@ char __initdata boot_command_line[COMMAND_LINE_SIZE]; char *saved_command_line; /* Command line for parameter parsing */ static char *static_command_line; -/* Command line for per-initcall parameter parsing */ -static char *initcall_command_line; static char *execute_command; static char *ramdisk_execute_command; /* - * Used to generate warnings if static_key manipulation functions are used - * before jump_label_init is called. - */ -bool static_key_initialized __read_mostly = false; -EXPORT_SYMBOL_GPL(static_key_initialized); - -/* * If set, this is an indication to the drivers that reset the underlying * device before going ahead with the initialization otherwise driver might * rely on the BIOS and skip the reset operation. 
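Review bot: With the `if (!deco)` guard removed, `crd_load()` reaches `result = deco(NULL, 0, compr_fill, compr_flush, NULL, NULL, error);` unconditionally, so a NULL decompressor becomes a call through a null function pointer during early boot rather than a clear `pr_emerg`/`panic` message. Whether `deco` can be NULL depends on `identify_ramdisk_image()` and the caller, which lie outside this hunk; presumably it can when the image uses a compression format whose decompressor is not built in. Keep a check before the call, for example `if (!deco) panic("Could not decompress initial ramdisk image.");`, or have the caller reject a NULL decompressor before `crd_load()` is entered. The body of `crd_load()` continues past the end of the hunk.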
@@ -356,7 +348,6 @@ static inline void smp_prepare_cpus(unsigned int maxcpus) { } static void __init setup_command_line(char *command_line) { saved_command_line = alloc_bootmem(strlen (boot_command_line)+1); - initcall_command_line = alloc_bootmem(strlen (boot_command_line)+1); static_command_line = alloc_bootmem(strlen (command_line)+1); strcpy (saved_command_line, boot_command_line); strcpy (static_command_line, command_line); @@ -702,7 +693,7 @@ int __init_or_module do_one_initcall(initcall_t fn) if (preempt_count() != count) { sprintf(msgbuf, "preemption imbalance "); - preempt_count_set(count); + preempt_count() = count; } if (irqs_disabled()) { strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf)); @@ -754,9 +745,9 @@ static void __init do_initcall_level(int level) extern const struct kernel_param __start___param[], __stop___param[]; initcall_t *fn; - strcpy(initcall_command_line, saved_command_line); + strcpy(static_command_line, saved_command_line); parse_args(initcall_level_names[level], - initcall_command_line, __start___param, + static_command_line, __start___param, __stop___param - __start___param, level, level, &repair_env_string); @@ -820,26 +811,10 @@ static int run_init_process(const char *init_filename) (const char __user *const __user *)envp_init); } -static int try_to_run_init_process(const char *init_filename) -{ - int ret; - - ret = run_init_process(init_filename); - - if (ret && ret != -ENOENT) { - pr_err("Starting init: %s exists but couldn't execute it (error %d)\n", - init_filename, ret); - } - - return ret; -} - static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) { - int ret; - kernel_init_freeable(); /* need to finish all async __init code before freeing the memory */ async_synchronize_full(); 
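Review bot: In the `do_initcall_level()` hunk, `strcpy(static_command_line, saved_command_line);` copies into a buffer that `setup_command_line()` allocates as `strlen (command_line)+1`, while the source string was sized from `boot_command_line`. If `boot_command_line` is the longer of the two, the copy writes past the end of the bootmem allocation. The copy also overwrites, once per initcall level, the buffer the file comment describes as the command line for parameter parsing. A dedicated buffer sized from `boot_command_line` avoids both problems; `strlcpy(static_command_line, saved_command_line, size)` would only turn the overflow into truncation. Both functions extend beyond their hunks.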
@@ -851,11 +826,9 @@ static int __ref kernel_init(void *unused) flush_delayed_fput(); if (ramdisk_execute_command) { - ret = run_init_process(ramdisk_execute_command); - if (!ret) + if (!run_init_process(ramdisk_execute_command)) return 0; - pr_err("Failed to execute %s (error %d)\n", - ramdisk_execute_command, ret); + pr_err("Failed to execute %s\n", ramdisk_execute_command); } /* @@ -865,19 +838,18 @@ static int __ref kernel_init(void *unused) * trying to recover a really broken machine. */ if (execute_command) { - ret = run_init_process(execute_command); - if (!ret) + if (!run_init_process(execute_command)) return 0; - pr_err("Failed to execute %s (error %d). Attempting defaults...\n", - execute_command, ret); + pr_err("Failed to execute %s. Attempting defaults...\n", + execute_command); } - if (!try_to_run_init_process("/sbin/init") || - !try_to_run_init_process("/etc/init") || - !try_to_run_init_process("/bin/init") || - !try_to_run_init_process("/bin/sh")) + if (!run_init_process("/sbin/init") || + !run_init_process("/etc/init") || + !run_init_process("/bin/init") || + !run_init_process("/bin/sh")) return 0; - panic("No working init found. Try passing init= option to kernel. " + panic("No init found. Try passing init= option to kernel. " "See Linux Documentation/init.txt for guidance."); } |
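Review bot: Both `kernel_init()` hunks reduce the result of `run_init_process()` to a boolean, so the `pr_err` lines lose the error code and the fallback chain (`/sbin/init`, `/etc/init`, `/bin/init`, `/bin/sh`) logs nothing when a binary exists but cannot be executed. A system that ends up in `/bin/sh` or in the `No init found` panic then leaves no record of whether the intended init was missing or was present and failed to execute, which matters when reconstructing why a machine booted into a shell. Consider keeping the return value in a local and reporting it, e.g. `pr_err("Failed to execute %s (error %d)\n", ramdisk_execute_command, ret);`, and logging any result other than `-ENOENT` for the default paths. `kernel_init()` starts before the first of these hunks.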