Re: [PATCH V33 01/30] security: Support early LSMs

On Thu, Jun 20, 2019 at 10:23 PM Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
> On Thu, Jun 20, 2019 at 6:22 PM Matthew Garrett
> <matthewgarrett@xxxxxxxxxx> wrote:
> >
> > The lockdown module is intended to allow for kernels to be locked down
> > early in boot - sufficiently early that we don't have the ability to
> > kmalloc() yet. Add support for early initialisation of some LSMs, and
> > then add them to the list of names when we do full initialisation later.
>
> I'm confused.  What does it even mean to lock down the kernel before
> we're ready to run userspace code?  We can't possibly be attacked by
> user code before there is any to attack us.

Certain kernel parameters can be disabled by lockdown, so we want to
have policy available before that parsing happens.


