Igor Stoppa wrote: > Who decides when enough is enough, meaning that all the needed modules > are loaded? > Should I provide an interface to user-space? A sysfs entry?
No such interface is needed. Just an API for applying set_memory_rw() and set_memory_ro() on LSM hooks is enough. security_add_hooks() can call set_memory_rw() before adding hooks and call set_memory_ro() after adding hooks. Ditto for security_delete_hooks() for SELinux's unregistration.