On Thu, Aug 1, 2019 at 7:22 AM Jessica Yu <jeyu@xxxxxxxxxx> wrote: > Apologies if this was addressed in another patch in your series (I've > only skimmed the first few), but what should happen if the kernel is > locked down, but CONFIG_MODULE_SIG=n? Or shouldn't CONFIG_SECURITY_LOCKDOWN_LSM > depend on CONFIG_MODULE_SIG? Otherwise I think we'll end up calling > the empty !CONFIG_MODULE_SIG module_sig_check() stub even though > lockdown is enabled. Hm. Someone could certainly configure their kernel in that way. I'm not sure that tying CONFIG_SECURITY_LOCKDOWN_LSM to CONFIG_MODULE_SIG is the right solution, since the new LSM approach means that any other LSM could also impose the same policy. Perhaps we should just document this?