On Tue, Oct 2, 2018 at 2:20 PM, James Morris <jmorris@xxxxxxxxx> wrote: > On Mon, 1 Oct 2018, Kees Cook wrote: > >> LSM initialization failures have traditionally been ignored. We should >> at least WARN when something goes wrong. > > I guess we could have a boot param which specifies what to do if any LSM > fails to init, as I think some folks will want to stop execution at that > point. > > Thoughts? I'm not opposed, but I won't author it because Linus will yell at me about introducing a "machine killing" option. -Kees -- Kees Cook Pixel Security
