How to register Linux Security Module in kernel 2.6?


I want to use the LSM framework with kernel ubuntu 2.6.36.

When I compiled the kernel module, it wrote:

WARNING: "register_security " undefined!

After a lot of googling, I found the reason is that the register_security() symbol is no longer exported in the 2.6 kernel.

So I added EXPORT_SYMBOL(register_security) in the ../security/security.c file, and recompiled the kernel.

After booting with the new kernel, I added extern int register_security(struct security_operations *ops) in my kernel module file, and compiled the module again. However, the WARNING information still existed. If I continued to insmod the module, dmesg told me that

Unknown symbol register_security

What should I do? How can I register a Linux Security Module?


There are 3 best solutions below

0
On
  1. Make sure the newly loaded kernel is the one that you compiled.
  2. Check the license of your module (Ref: http://lists.jammed.com/linux-security-module/2004/08/0053.html)
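
The two checks from the answer above, together with a lookup in the Module.symvers file that modpost consults before printing the "undefined" warning, as an added example that is not part of the original answer. The function names, the sample file contents, and the KDIR and my_lsm.ko placeholders are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample data below is constructed, not taken from a real build.

# Write a constructed Module.symvers (columns: CRC, symbol, owner, export type).
write_sample_symvers() {
    printf '0x11111111\tregister_security\tvmlinux\tEXPORT_SYMBOL\n'     >  "$1"
    printf '0x22222222\tsecurity_sb_copy_data\tvmlinux\tEXPORT_SYMBOL\n' >> "$1"
    printf '0x33333333\tsample_gpl_symbol\tvmlinux\tEXPORT_SYMBOL_GPL\n' >> "$1"
}

# export_type SYMVERS SYMBOL: print the recorded export type, or "missing".
export_type() {
    awk -v sym="$2" '$2 == sym { print $4; found = 1; exit }
                     END { if (!found) print "missing" }' "$1"
}

# License strings the kernel accepts as GPL-compatible for GPL-only exports.
license_is_gpl() {
    case "$1" in
        "GPL"|"GPL v2"|"GPL and additional rights") return 0 ;;
        "Dual BSD/GPL"|"Dual MIT/GPL"|"Dual MPL/GPL") return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose SYMVERS SYMBOL LICENSE RUNNING_RELEASE BUILT_RELEASE
# Prints one of: wrong-kernel, not-exported, gpl-only, ok.
diagnose() {
    symvers=$1 sym=$2 lic=$3 running=$4 built=$5
    [ "$running" = "$built" ] || { echo wrong-kernel; return 0; }
    kind=$(export_type "$symvers" "$sym")
    case "$kind" in
        missing) echo not-exported ;;
        EXPORT_SYMBOL_GPL*)
            if license_is_gpl "$lic"; then echo ok; else echo gpl-only; fi ;;
        *) echo ok ;;
    esac
}

# Demo on the constructed file. For a real tree pass "$KDIR/Module.symvers",
# "$(modinfo -F license my_lsm.ko)", "$(uname -r)" and
# "$(cat "$KDIR/include/config/kernel.release")" (KDIR, my_lsm.ko: placeholders).
tmp=$(mktemp)
write_sample_symvers "$tmp"
diagnose "$tmp" register_security "Proprietary" 2.6.36 2.6.36   # -> ok
rm -f "$tmp"
```

A "wrong-kernel" or "not-exported" result means the module is being built or loaded against a tree other than the patched one; "gpl-only" means the symbol exists but the module's license string keeps it from resolving.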
0
On
Unknown symbol register_security

This happened at the line where you unregister your LSM. So add unregister_security() in security.c and export it:

 /**
  * unregister_security - allows security modules to be moved
  * @ops: a pointer to the struct security_operations that had been registered before.
  */
 int unregister_security(struct security_operations *ops)
 {
         /* Refuse to unregister anything other than the active ops. */
         if (ops != security_ops) {
                 printk(KERN_INFO "%s: trying to unregister "
                        "a security_opts structure that is not "
                        "registered, failing.\n", __FUNCTION__);
                 return -EINVAL;
         }
         /* Fall back to the dummy operations. */
         security_ops = &dummy_security_ops;
         return 0;
 }
 EXPORT_SYMBOL(unregister_security);

And recompile the kernel.

0
On

In modern kernels the register_security symbol is not exported. It means that you can't register an LSM as a module. But if you really wish to do that, you can :) Look at the exported LSM symbols like security_sb_copy_data. They are simple wrappers over security_ops->some_lsm_method. So, you can use their code to determine the security_ops pointer value. It needs a disassembler, though.