Add a new LSM notifier event, LSM_STARTED_ALL, which is fired once at boot when all of the LSMs have been started.
Reviewed-by: Kees Cook <[email protected]> Reviewed-by: Casey Schaufler <[email protected]> Reviewed-by: John Johansen <[email protected]> Signed-off-by: Paul Moore <[email protected]> --- include/linux/security.h | 1 + security/lsm_init.c | 1 + 2 files changed, 2 insertions(+) diff --git a/include/linux/security.h b/include/linux/security.h index 8560c50edd2e..c13f0a849024 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -85,6 +85,7 @@ struct timezone; enum lsm_event { LSM_POLICY_CHANGE, + LSM_STARTED_ALL, }; struct dm_verity_digest { diff --git a/security/lsm_init.c b/security/lsm_init.c index 2bd705836df8..af4046c5c581 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -556,6 +556,7 @@ static int __init security_initcall_late(void) rc = lsm_initcall(late); lsm_pr_dbg("all enabled LSMs fully activated\n"); + call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL); return rc; } -- 2.51.0
