[PATCH security-next v4 23/32] selinux: Remove boot parameter
Paul Moore
paul at paul-moore.com
Mon Oct 8 14:25:59 UTC 2018
On Thu, Oct 4, 2018 at 1:38 AM John Johansen
<john.johansen at canonical.com> wrote:
> On 10/03/2018 10:26 AM, Kees Cook wrote:
...
> > Either a distro builds a very specific subset of LSMs, or they build
> > in all LSMs (for the user to choose from). In both cases, they set an
> > explicit order, which defines which exclusive LSM get selected.
>
> and when lsm stacking lands, that exlusive LSM goes away.
FWIW, I still believe in my earlier statements supporting explicitly
enabling LSM stacking via Kconfig.
--
paul moore
www.paul-moore.com
More information about the Linux-security-module-archive
mailing list