Subject: [PATCH v6 1/3] LSM: Add /sys/kernel/security/lsm
I got tired of having to find indirect ways to
determine what security modules are active on a system.
I have added /sys/kernel/security/lsm, which contains a
comma separated list of the active security modules. No
more groping around in
Casey Schaufler wrote:
> diff --git a/security/security.c b/security/security.c
> index f825304..f0a802ee 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -32,6 +32,7 @@
> /* Maximum number of letters for an LSM name string */
> #define SECURITY_NAME_MAX10
>
> +char *lsm_
On 11/1/2016 5:53 AM, Tetsuo Handa wrote:
> Casey Schaufler wrote:
>> diff --git a/security/security.c b/security/security.c
>> index f825304..f0a802ee 100644
>> --- a/security/security.c
>> +++ b/security/security.c
>> @@ -32,6 +32,7 @@
>> /* Maximum number of letters for an LSM name string */
>>
Casey Schaufler wrote:
> On 11/1/2016 5:53 AM, Tetsuo Handa wrote:
> > I didn't check past discussion, but how do you handle
> > security_delete_hooks()
> > case (I mean, "selinux" will remain there when reading
> > /sys/kernel/security/lsm
> > even after it is disabled at runtime)?
>
> Paul Moo
4 matches
Mail list logo