[PATCH security-next v4 23/32] selinux: Remove boot parameter

Paul Moore paul at paul-moore.com
Mon Oct 8 14:25:59 UTC 2018


On Thu, Oct 4, 2018 at 1:38 AM John Johansen
<john.johansen at canonical.com> wrote:
> On 10/03/2018 10:26 AM, Kees Cook wrote:

...

> > Either a distro builds a very specific subset of LSMs, or they build
> > in all LSMs (for the user to choose from). In both cases, they set an
> > explicit order, which defines which exclusive LSM get selected.
>
> and when lsm stacking lands, that exlusive LSM goes away.

FWIW, I still believe in my earlier statements supporting explicitly
enabling LSM stacking via Kconfig.

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list