[RFC PATCH 2/2] security: Add mechanism to (un)load LSMs after boot time

James Morris jmorris at namei.org
Tue Mar 27 08:08:08 UTC 2018

On Mon, 26 Mar 2018, Sargun Dhillon wrote:

> Today, the only "mutable" module we have is SELinux. It has a kernel
> config flag which determines if it is unloadable (mutable) or not. If
> you look at the patchset, it, in fact, sets mutability based on that
> config flag:
> -       security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
> +       security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux",
> +                               IS_ENABLED(CONFIG_SECURITY_SELINUX_DISABLE));
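Review bot: the new trailing argument on the selinux registration, `IS_ENABLED(CONFIG_SECURITY_SELINUX_DISABLE)`, is an anonymous boolean at the call site, so a reader cannot tell from this hunk whether true means "may be unloaded" or "locked down" without going to the prototype of `security_add_hooks`. Suggest giving it a name, either a local such as `bool unloadable = IS_ENABLED(CONFIG_SECURITY_SELINUX_DISABLE);` above the call, or named values for the parameter (for example `LSM_MUTABLE` / `LSM_IMMUTABLE`; hypothetical names), so that every other LSM's call site reads as an explicit choice rather than a bare `false`. The commit message should also state that this preserves the existing SELinux behaviour (unloadable only when that config option is set) rather than widening it.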

There has been discussion about removing the ability to unload SELinux -- 
not sure what the current status of that is.

Regardless, it's a special case for historical reasons and should not be 
thought of as an example for future use.

> Similarly, modules can change this behaviour based on their own
> choices, whether that be config flags, boot parameters, or similar. In
> my opinion, most LSMs should never be unloadable. 

All, probably.

James Morris
<jmorris at namei.org>
