Skip to content
Commit 45351056 authored by James Morris's avatar James Morris Committed by Olav Haugan
Browse files

security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 



Subsequent patches will add RO hardening to LSM hooks, however, SELinux
still needs to be able to perform runtime disablement after init to handle
architectures where init-time disablement via boot parameters is not feasible.

Introduce a new kernel configuration parameter CONFIG_SECURITY_WRITABLE_HOOKS,
and a helper macro __lsm_ro_after_init, to handle this case.

Change-Id: I95b96f67402ec7eb3a31befdd11af4e6bdc04d9d
Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Acked-by: default avatarKees Cook <keescook@chromium.org>
Git-commit: dd0859dccbe291cf8179a96390f5c0e45cb9af1d
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Signed-off-by: default avatarOlav Haugan <ohaugan@codeaurora.org>
parent 814e5c69
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment