[PATCH 01/24] Add the ability to lock down access to the running kernel image

Andy Lutomirski luto at amacapital.net
Thu Apr 12 02:57:12 UTC 2018

On Wed, Apr 11, 2018 at 9:24 AM, David Howells <dhowells at redhat.com> wrote:
>      This makes lockdown available and applies it to all the points that
>      need to be locked down if the mode is set.  Lockdown mode can be
>      enabled by providing:
>         lockdown=1

By doing this, you are basically committing to making the
protect-kernel-integrity vs protect-kernel-secrecy split be a
second-class citizen if it gets added.

How about lockdown=integrity_and_secrecy or lockdown=2 if you feel
like using numbers?
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the Linux-security-module-archive mailing list