On Tue, Jun 27, 2017 at 08:33:23PM +0300, Igor Stoppa wrote: > From: Igor Stoppa <igor.stoppa@xxxxxxxxx> > > This patch shows how it is possible to take advantage of pmalloc: > instead of using the build-time option __lsm_ro_after_init, to decide if > it is possible to keep the hooks modifiable, now this becomes a > boot-time decision, based on the kernel command line. > > This patch relies on: > > "Convert security_hook_heads into explicit array of struct list_head" > Author: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > > to break free from the static constraint imposed by the previous > hardening model, based on __ro_after_init. > > The default value is disabled, unless SE Linux debugging is turned on. Can we please just force it to be read-only? -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
