summaryrefslogtreecommitdiff
path: root/Documentation/security/LSM.txt
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/security/LSM.txt')
-rw-r--r--Documentation/security/LSM.txt7
1 files changed, 7 insertions, 0 deletions
diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
index 3db7e671c440..c2683f28ed36 100644
--- a/Documentation/security/LSM.txt
+++ b/Documentation/security/LSM.txt
@@ -22,6 +22,13 @@ system, building their checks on top of the defined capability hooks.
For more details on capabilities, see capabilities(7) in the Linux
man-pages project.
+A list of the active security modules can be found by reading
+/sys/kernel/security/lsm. This is a comma separated list, and
+will always include the capability module. The list reflects the
+order in which checks are made. The capability module will always
+be first, followed by any "minor" modules (e.g. Yama) and then
+the one "major" module (e.g. SELinux) if there is one configured.
+
Based on https://lkml.org/lkml/2007/10/26/215,
a new LSM is accepted into the kernel when its intent (a description of
what it tries to protect against and in what cases one would expect to
generated by cgit v1.2.3 (git 2.39.0) at 2024-11-09 01:24:54 +0300