On Thu, Sep 20, 2018 at 5:04 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 9/20/2018 9:23 AM, Kees Cook wrote: >> This constructs a list of ordered LSMs to initialize, using a hard-coded >> list of only "integrity": minor LSMs continue to have direct hook calls, >> and major LSMs continue to initialize separately. >> >> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > > Do you think that this mechanism will be sufficiently > flexible to accommodate dynamically loaded security modules > in the future? While I am not personally an advocate of > dynamically loaded security modules I have been working to > ensure that I haven't done anything that would actively > interfere with someone who did. I don't think it does, no. This is all just the boot time initialization order, so a dynamic LSM would be unchanged: it would initialize at module load time. :) -Kees -- Kees Cook Pixel Security
