• Ahmed S. Darwish's avatar
    Security: Introduce security= boot parameter · 076c54c5
    Ahmed S. Darwish authored
    Add the security= boot parameter. This is done to avoid LSM
    registration clashes in case of more than one bult-in module.
    
    User can choose a security module to enable at boot. If no
    security= boot parameter is specified, only the first LSM
    asking for registration will be loaded. An invalid security
    module name will be treated as if no module has been chosen.
    
    LSM modules must check now if they are allowed to register
    by calling security_module_enable(ops) first. Modify SELinux
    and SMACK to do so.
    
    Do not let SMACK register smackfs if it was not chosen on
    boot. Smackfs assumes that smack hooks are registered and
    the initial task security setup (swapper->security) is done.
    Signed-off-by: default avatarAhmed S. Darwish <darwish.07@gmail.com>
    Acked-by: default avatarJames Morris <jmorris@namei.org>
    076c54c5
kernel-parameters.txt 67.1 KB