lsm.debug [SECURITY] Enable LSM initialization debugging output.
+ lsm=lsm1,...,lsmN
+ [SECURITY] Choose order of LSM initialization. This
+ overrides CONFIG_LSM.
+
machvec= [IA-64] Force the use of a particular machine-vector
(machvec) in a generic kernel.
Example: machvec=hpzx1_swiotlb
default "integrity"
help
A comma-separated list of LSMs, in initialization order.
- Any LSMs left off this list will be ignored.
+ Any LSMs left off this list will be ignored. This can be
+ controlled at boot with the "lsm=" parameter.
If unsure, leave this as the default.
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
CONFIG_DEFAULT_SECURITY;
+static __initdata const char *chosen_lsm_order;
static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms),
GFP_KERNEL);
- ordered_lsm_parse(builtin_lsm_order, "builtin");
+ if (chosen_lsm_order)
+ ordered_lsm_parse(chosen_lsm_order, "cmdline");
+ else
+ ordered_lsm_parse(builtin_lsm_order, "builtin");
for (lsm = ordered_lsms; *lsm; lsm++)
maybe_initialize_lsm(*lsm);
}
__setup("security=", choose_lsm);
+/* Explicitly choose LSM initialization order. */
+static int __init choose_lsm_order(char *str)
+{
+ chosen_lsm_order = str;
+ return 1;
+}
+__setup("lsm=", choose_lsm_order);
+
/* Enable LSM order debugging. */
static int __init enable_debug(char *str)
{
projects / openwrt / staging / blogic.git / commitdiff