Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/security/lockdown/Makefile?h=linus%2Fmaster 2019-08-20T04:54:15Z 2019-08-20T04:54:15Z Matthew Garrett matthewgarrett@google.com 2019-08-20T00:17:39Z urn:sha1:000d388ed3bbed745f366ce71b2bb7c2ee70f449 While existing LSMs can be extended to handle lockdown policy, distributions generally want to be able to apply a straightforward static policy. This patch adds a simple LSM that can be configured to reject either integrity or all lockdown queries, and can be configured at runtime (through securityfs), boot time (via a kernel parameter) or build time (via a kconfig option). Based on initial code by David Howells. Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>