LSM: Introduce "lsm=" for boottime LSM selection (79f7865d) · Commits · EulixOS / Software / Kernel

Documentation/admin-guide/kernel-parameters.txt

+4 −0

Original line number	Diff line number	Diff line
		@@ -2319,6 +2319,10 @@

		lsm.debug [SECURITY] Enable LSM initialization debugging output.

		lsm=lsm1,...,lsmN
		[SECURITY] Choose order of LSM initialization. This
		overrides CONFIG_LSM.

		machvec= [IA-64] Force the use of a particular machine-vector
		(machvec) in a generic kernel.
		Example: machvec=hpzx1_swiotlb

+2 −1

Original line number	Diff line number	Diff line
		@@ -281,7 +281,8 @@ config LSM
		default "integrity"
		help
		A comma-separated list of LSMs, in initialization order.
		Any LSMs left off this list will be ignored.
		Any LSMs left off this list will be ignored. This can be
		controlled at boot with the "lsm=" parameter.

		If unsure, leave this as the default.

+13 −1

Original line number	Diff line number	Diff line
		@@ -47,6 +47,7 @@ char *lsm_names;
		/* Boot-time LSM user choice */
		static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
		CONFIG_DEFAULT_SECURITY;
		static __initdata const char *chosen_lsm_order;

		static __initconst const char * const builtin_lsm_order = CONFIG_LSM;

		@@ -190,6 +191,9 @@ static void __init ordered_lsm_init(void)
		ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms),
		GFP_KERNEL);

		if (chosen_lsm_order)
		ordered_lsm_parse(chosen_lsm_order, "cmdline");
		else
		ordered_lsm_parse(builtin_lsm_order, "builtin");

		for (lsm = ordered_lsms; *lsm; lsm++)
		@@ -252,6 +256,14 @@ static int __init choose_lsm(char *str)
		}
		__setup("security=", choose_lsm);

		/* Explicitly choose LSM initialization order. */
		static int __init choose_lsm_order(char *str)
		{
		chosen_lsm_order = str;
		return 1;
		}
		__setup("lsm=", choose_lsm_order);

		/* Enable LSM order debugging. */
		static int __init enable_debug(char *str)
		{