git.baikalelectronics.ru Git - kernel.git/commit
security: Add a static lockdown policy LSM
author Matthew Garrett <matthewgarrett@google.com>
Tue, 20 Aug 2019 00:17:39 +0000 (17:17 -0700)
committer James Morris <jmorris@namei.org>
Tue, 20 Aug 2019 04:54:15 +0000 (21:54 -0700)
commit 352b4516d233ccdfc262d71ef15908ad8d729f56
tree 8df5d266713aa79f5009a515ec5db597a61aba30
parent 29ced899882169fb5ad7bff65afbe6a3c5a3dbf1
security: Add a static lockdown policy LSM

While existing LSMs can be extended to handle lockdown policy,
distributions generally want to be able to apply a straightforward
static policy. This patch adds a simple LSM that can be configured to
reject either integrity or all lockdown queries, and can be configured
at runtime (through securityfs), boot time (via a kernel parameter) or
build time (via a kconfig option). Based on initial code by David
Howells.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Documentation/admin-guide/kernel-parameters.txt
include/linux/security.h
security/Kconfig
security/Makefile
security/lockdown/Kconfig [new file with mode: 0644]
security/lockdown/Makefile [new file with mode: 0644]
security/lockdown/lockdown.c [new file with mode: 0644]
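
The commit message names three places the static policy can be set (securityfs at runtime, a kernel parameter at boot, kconfig at build). The script below is an added example, not code from this commit, showing how an administrator could audit the first two on a running host. It assumes the securityfs file is `/sys/kernel/security/lockdown`, that it lists the levels with the active one in brackets, and that the boot parameter is spelled `lockdown=`; none of these appear on this page.

```shell
# Added example, not part of the commit. Assumed (not stated on this page):
# the securityfs path, its "none [integrity] confidentiality" format with the
# active level in brackets, and the boot parameter name "lockdown=".
LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"
REQUIRED="${REQUIRED:-integrity}"

# level_rank <level>: order the levels so they can be compared; -1 = unknown.
level_rank() {
    case "$1" in
        none) echo 0 ;; integrity) echo 1 ;; confidentiality) echo 2 ;; *) echo -1 ;;
    esac
}

# active_level "<file content>": print the bracketed level, fail if absent.
active_level() {
    case "$1" in
        *\[*\]*) rest=${1#*\[}; printf '%s\n' "${rest%%\]*}" ;;
        *) return 1 ;;
    esac
}

# cmdline_level "<kernel command line>": strictest lockdown= request, or "none".
cmdline_level() (
    set -f   # split on whitespace only, never glob-expand boot arguments
    best=none
    for arg in $1; do
        case "$arg" in
            lockdown=integrity|lockdown=confidentiality) val=${arg#lockdown=}
                [ "$(level_rank "$val")" -gt "$(level_rank "$best")" ] && best=$val ;;
        esac
    done
    printf '%s\n' "$best"
)

# meets_minimum <active> <required>: succeed if active is known and >= required.
meets_minimum() {
    [ "$(level_rank "$1")" -ge 0 ] && [ "$(level_rank "$1")" -ge "$(level_rank "$2")" ]
}

report() {
    if [ -r "$LOCKDOWN_FILE" ]; then
        cur=$(active_level "$(cat "$LOCKDOWN_FILE")") || cur=unknown
    else
        cur=unavailable   # LSM not built in, or securityfs not mounted
    fi
    if meets_minimum "$cur" "$REQUIRED"; then verdict=ok; else verdict=below-minimum; fi
    echo "active=$cur boot_request=$(cmdline_level "$(cat /proc/cmdline 2>/dev/null)") required=$REQUIRED $verdict"
}
report
```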