On Wed, May 30, 2018 at 10:37:25AM -0700, Alexander Ivanov wrote: > On Wed, 30 May 2018 13:25 -0400, valdis.kletnieks@xxxxxx wrote: > > What question do you have about it? > > There are a couple, actually :) > First, theoretical, I suppose: what were the reasons to effectively > disable dynamic loading of LSM ? This was discussed loads when LSM was first created. I'll leave this as an exercise for the reader, how would you properly unload a LSM? Think about what a LSM does to lots and lots of different objects in the kernel... > Second, is there a way for two or more LSMs to co-exist? After > inspecting security_module_enable() and register_security(), it > doesn't seem possible, however yama does attempt to load itself? Am I > missing something? Again, this is discussed all the time. Search for "stackable LSM" and you should find lots of threads about the problems involved, how people are considering solving them, and what workarounds are currently in place to allow some LSM to do this today. I think google is your friend here, read the mailing list archives, it has all of this information there already. good luck! greg k-h _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
