On Thu, Oct 4, 2018 at 1:38 AM John Johansen <john.johansen@xxxxxxxxxxxxx> wrote:
> On 10/03/2018 10:26 AM, Kees Cook wrote:

...

> > Either a distro builds a very specific subset of LSMs, or they build
> > in all LSMs (for the user to choose from). In both cases, they set an
> > explicit order, which defines which exclusive LSM gets selected.
>
> and when lsm stacking lands, that exclusive LSM goes away.

FWIW, I still believe in my earlier statements supporting explicitly
enabling LSM stacking via Kconfig.

--
paul moore
www.paul-moore.com