LSM: Ignore "security=" when "lsm=" is specified
To avoid potential confusion, explicitly ignore "security=" when "lsm=" is used on the command line, and report that it is happening. Suggested-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com>
This commit is contained in:
Kees Cook
James Morris
@@ -288,9 +288,13 @@ static void __init ordered_lsm_init(void)
|
||||
ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms),
|
||||
GFP_KERNEL);
|
||||
|
||||
if (chosen_lsm_order)
|
||||
if (chosen_lsm_order) {
|
||||
if (chosen_major_lsm) {
|
||||
pr_info("security= is ignored because it is superseded by lsm=\n");
|
||||
chosen_major_lsm = NULL;
|
||||
}
|
||||
ordered_lsm_parse(chosen_lsm_order, "cmdline");
|
||||
else
|
||||
} else
|
||||
ordered_lsm_parse(builtin_lsm_order, "builtin");
|
||||
|
||||
for (lsm = ordered_lsms; *lsm; lsm++)
|
||||
|
||||
Reference in New Issue
Block a user