[PATCH 01/24] Add the ability to lock down access to the running kernel image
Andy Lutomirski
luto at amacapital.net
Thu Apr 12 02:57:12 UTC 2018
On Wed, Apr 11, 2018 at 9:24 AM, David Howells <dhowells at redhat.com> wrote:
>
> (*) CONFIG_LOCK_DOWN_KERNEL
>
> This makes lockdown available and applies it to all the points that
> need to be locked down if the mode is set. Lockdown mode can be
> enabled by providing:
>
> lockdown=1
By doing this, you are basically committing to making the
protect-kernel-integrity vs protect-kernel-secrecy split be a
second-class citizen if it gets added.
How about lockdown=integrity_and_secrecy or lockdown=2 if you feel
like using numbers?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list