On Sun, Jul 10, 2022 at 03:10:54PM +0200, theflamefire89@xxxxxxxxx wrote: > From: James Morris <jmorris@xxxxxxxxx> > > commit dd0859dccbe291cf8179a96390f5c0e45cb9af1d upstream. > > Subsequent patches will add RO hardening to LSM hooks, however, SELinux > still needs to be able to perform runtime disablement after init to handle > architectures where init-time disablement via boot parameters is not feasible. > > Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS, > and a helper macro __lsm_ro_after_init, to handle this case. > > Signed-off-by: James Morris <james.l.morris@xxxxxxxxxx> > Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> > Signed-off-by: Alexander Grund <git@xxxxxxxxxx> > --- > include/linux/lsm_hooks.h | 7 +++++++ > security/Kconfig | 5 +++++ > security/selinux/Kconfig | 6 ++++++ > 3 files changed, 18 insertions(+) What kernel version(s) are you wanting this applied to? And your email send address does not match your signed-off-by name/address, so for obvious reasons, we can't take this. thanks, greg k-h