anthraxx / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

expose proc_dointvec_minmax_sysadmin as sysctl exported API #49

Closed anthraxx closed 3 years ago

anthraxx commented 3 years ago

proc_dointvec_minmax_sysadmin is currently only declared when CONFIG_PRINTK is set, as all current vanilla knobs using it also depend on CONFIG_PRINTK. However, currently some hardened patches break without CONFIG_PRINTK set. It doesn't make sense to only declare that function in case CONFIG_PRINTK is set; let's make it a sysctl API and export the symbol without requiring CONFIG_PRINTK.

madaidan commented 3 years ago

Isn't this as simple as removing https://github.com/anthraxx/linux-hardened/blob/master/kernel/sysctl.c#L899?

anthraxx commented 3 years ago

Not as easy as that, as it needs to be exposed as exported API so kernel modules are able to use it as well, not just compiled-in parts of the kernel. It's been implemented already; if you wanna review 984be62eb903c0b487415d4a6c2bf7a034aa81ea, you can simply test the whole branch wip/usb-sysctl.

anthraxx commented 3 years ago

Implemented and backported to all maintained branches.
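
A way to check a source tree for the condition this issue describes, written as an added example (not code from this repository): it reports which preprocessor guards enclose a function definition, whether it is `static`, and whether it is exported. The C excerpts are constructed stand-ins, and the use of `EXPORT_SYMBOL` rather than `EXPORT_SYMBOL_GPL` in the "after" excerpt is an assumption.

```python
import re

SYM = "proc_dointvec_minmax_sysadmin"
# Constructed C excerpts modelled on the situation in the issue (not the
# project's actual source); EXPORT_SYMBOL vs EXPORT_SYMBOL_GPL is assumed.
BODY = """(struct ctl_table *table, int write,
                void *buffer, size_t *lenp, loff_t *ppos)
{
        if (write && !capable(CAP_SYS_ADMIN))
                return -EPERM;
        return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
}
"""
BEFORE = "#ifdef CONFIG_PRINTK\nstatic int " + SYM + BODY + "#endif\n"
AFTER = ("#ifdef CONFIG_PRINTK\nstatic int other_knob;\n#endif\n"
         "int " + SYM + BODY + "EXPORT_SYMBOL(" + SYM + ");\n")

# #elif is not tracked; that is a simplification of this sketch.
DIRECTIVE = re.compile(r'#\s*(ifdef|ifndef|if|else|endif)\b\s*(.*)')

def audit_symbol(source, symbol):
    """Return guards/linkage/export status of a top-level function definition."""
    name = re.escape(symbol)
    define = re.compile(rf'^(static\s+)?\w[\w\s\*]*\b{name}\s*\(')
    export = re.compile(rf'^EXPORT_SYMBOL(_GPL)?\(\s*{name}\s*\)')
    stack, found, exported = [], None, False
    for line in source.splitlines():
        d = DIRECTIVE.match(line.strip())
        if d:
            kind, cond = d.group(1), d.group(2).strip()
            if kind == 'endif':
                if stack:
                    stack.pop()
            elif kind == 'else':
                if stack:
                    stack[-1] = f'!({stack[-1]})'
            else:
                stack.append('!' + cond if kind == 'ifndef' else cond)
            continue
        m = define.match(line)  # indented call sites never match '^'
        if m and found is None:
            found = {'guards': list(stack), 'static': bool(m.group(1))}
        exported = exported or bool(export.match(line))
    if found is None:
        return None
    found['exported'] = exported
    # True only if modules can link against it regardless of kernel config.
    found['unconditional_export'] = (
        exported and not found['static'] and not found['guards'])
    return found
```
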