LSM: Separate idea of "major" LSM from "exclusive" LSM In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>

commit: 14bd99c821f7ace0e8110a1bfdfaa27e1788e20f [log] [tgz]
author: Kees Cook <keescook@chromium.org> Wed Sep 19 19:57:06 2018 -0700
committer: Kees Cook <keescook@chromium.org> Tue Jan 08 13:18:43 2019 -0800
tree: a5feee1ff6b832eaffef89d1bde995e0574723e2
parent: 7e611486d905f435faf80969deed68a615019e6b [diff] [blame]
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index e28a3aa..c3843b3 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h

@@ -2043,6 +2043,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count,
 				char *lsm);
 
 #define LSM_FLAG_LEGACY_MAJOR	BIT(0)
+#define LSM_FLAG_EXCLUSIVE	BIT(1)
 
 struct lsm_info {
 	const char *name;	/* Required. */
commit	14bd99c821f7ace0e8110a1bfdfaa27e1788e20f	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Wed Sep 19 19:57:06 2018 -0700
committer	Kees Cook <keescook@chromium.org>	Tue Jan 08 13:18:43 2019 -0800
tree	a5feee1ff6b832eaffef89d1bde995e0574723e2
parent	7e611486d905f435faf80969deed68a615019e6b [diff] [blame]