CHROMIUM: LSM: allow old style loads when locking disabled
This is needed when our kernel is used with other userspaces, i.e. Ubuntu
and other distros.
Enabling old-style module init when locking is explicitly disabled doesn't
open up any security exposure for users unless they have disabled
rootfs_verification AND module load restrictions. I.e. default users have
no added exposure.
BUG=chromium-os:37055
TEST=needs a new testcase (crosbug.com/37056)
Change-Id: If5ec577a4c7be64a7fa6a0be6a76f3044de42e14
Signed-off-by: Olof Johansson <olofj@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39383
Reviewed-by: Kees Cook <keescook@chromium.org>
projects / cascardo / linux.git / commit