On Thu, Sep 20, 2018 at 5:12 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 9/20/2018 9:23 AM, Kees Cook wrote: >> Provide a way to reorder LSM initialization using the new "lsm.order=" >> comma-separated list of LSMs. Any LSMs not listed will be added in builtin >> order. >> >> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> >> --- >> Documentation/admin-guide/kernel-parameters.txt | 5 +++++ >> security/security.c | 15 ++++++++++++++- >> 2 files changed, 19 insertions(+), 1 deletion(-) >> >> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt >> index 32d323ee9218..5ac4c1056ffa 100644 >> --- a/Documentation/admin-guide/kernel-parameters.txt >> +++ b/Documentation/admin-guide/kernel-parameters.txt >> @@ -2276,6 +2276,11 @@ >> >> lsm.debug [SECURITY] Enable LSM initialization debugging output. >> >> + lsm.order=lsm1,...,lsmN >> + [SECURITY] Choose order of LSM initialization. Any >> + builtin LSMs not listed here will be implicitly >> + added to the list in builtin order. > > Added at the end of the list, or beginning of the list? Whoops, I had an earlier version that was more clear. I meant to say "appended" instead of "added" here. Fixed for the next version. -Kees -- Kees Cook Pixel Security
