On Wed, 10 May 2017, Mickaël Salaün wrote:

> The commit d69dece5f5b6 ("LSM: Add /sys/kernel/security/lsm") extends
> security_add_hooks() with a new parameter to register the LSM name,
> which may be useful to make the list of currently loaded LSM available
> to userspace. However, there is no clean way for an LSM to split its
> hook declarations into multiple files, which may reduce the mess with
> all the included files (needed for LSM hook argument types) and make the
> source code easier to review and maintain.
>
> This change allows an LSM to register multiple times its hook while
> keeping a consistent list of LSM names as described in
> Documentation/security/LSM.txt . The list reflects the order in which
> checks are made. This patch only checks for the last registered LSM. If
> an LSM registers multiple times its hooks, interleaved with other LSM
> registrations (which should not happen), its name will still appear in
> the same order that the hooks are called, hence multiple times.
>
> To sum up, "capability,selinux,foo,foo" will be replaced with
> "capability,selinux,foo", however "capability,foo,selinux,foo" will
> remain as is.

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

--
James Morris
<jmor...@namei.org>
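
The name-list rule described in the quoted commit message, as an added user-space C example (not the kernel's code and not part of this thread): a name is appended unless it equals the last entry, so back-to-back registrations collapse while interleaved ones stay visible in hook order. The function names `lsm_list_append` and `lsm_list_build` and the 128-byte buffer are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the last comma-separated entry of list equals name. */
static int last_entry_is(const char *list, const char *name)
{
    const char *last = strrchr(list, ',');

    return strcmp(last ? last + 1 : list, name) == 0;
}

/* Append name unless it is already the last entry. Returns 0 on success
 * (including the no-op case), -1 if name is empty, contains ',' or won't fit. */
int lsm_list_append(char *list, size_t size, const char *name)
{
    size_t used = strlen(list), need = strlen(name);

    if (need == 0 || strchr(name, ','))
        return -1;
    if (used && last_entry_is(list, name))
        return 0;   /* same LSM registering again right away: no new entry */
    if (used + (used ? 1 : 0) + need + 1 > size)
        return -1;  /* separator + name + NUL would overflow the buffer */
    if (used)
        list[used++] = ',';
    memcpy(list + used, name, need + 1);
    return 0;
}

/* Register names in call order; returns the list (static buffer) or NULL. */
const char *lsm_list_build(const char **names, size_t count)
{
    static char list[128]; /* size is an assumption of this example */

    list[0] = '\0';
    for (size_t i = 0; i < count; i++)
        if (lsm_list_append(list, sizeof(list), names[i]) != 0)
            return NULL;
    return list;
}

int main(void)
{
    /* Constructed registration sequences taken from the commit message. */
    const char *split[] = { "capability", "selinux", "foo", "foo" };
    const char *mixed[] = { "capability", "foo", "selinux", "foo" };
    printf("%s\n", lsm_list_build(split, 4));
    printf("%s\n", lsm_list_build(mixed, 4));
    return 0;
}
```

Only the tail of the list is compared, which is why the interleaved sequence keeps both `foo` entries: the list stays a faithful record of the order in which hooks are called.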