Hello, On Mon, Feb 18, 2019 at 11:03:58AM +0100, Ondrej Mosnacek wrote: > I don't think there is a way currently to check whether some LSM has > been enabled at boot or not. I suppose we could add such function for > this kind of heuristics, but I'm not sure how it would interplay with > the plans to allow multiple LSM to be enabled simultaneously... > Perhaps it would be better/easier to just add a > security_kernfs_needs_init() function, which would simply check if the > list of registered kernfs_init_security hooks is empty. > > I propose something like the patch below (the whitespace is mangled - > intended just for visual review). I plan to fold it into the next > respin if there are no objections to this approach. Sounds good to me. Thanks. -- tejun
