mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-07-28 17:42:14 +00:00
security: Add a static lockdown policy LSM
While existing LSMs can be extended to handle lockdown policy, distributions generally want to be able to apply a straightforward static policy. This patch adds a simple LSM that can be configured to reject either integrity or all lockdown queries, and can be configured at runtime (through securityfs), boot time (via a kernel parameter) or build time (via a kconfig option). Based on initial code by David Howells. Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Matthew Garrett
James Morris
parent
9e47d31d6a
commit
000d388ed3
7 changed files with 236 additions and 5 deletions
include/linux
|
|
@ -97,6 +97,9 @@ enum lsm_event {
|
|||
* potentially a moving target. It is easy to misuse this information
|
||||
* in a way that could break userspace. Please be careful not to do
|
||||
* so.
|
||||
*
|
||||
* If you add to this, remember to extend lockdown_reasons in
|
||||
* security/lockdown/lockdown.c.
|
||||
*/
|
||||
enum lockdown_reason {
|
||||
LOCKDOWN_NONE,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue