diff options
| -rw-r--r-- | Documentation/admin-guide/kernel-parameters.txt | 10 | ||||
| -rw-r--r-- | security/security.c | 8 |
2 files changed, 10 insertions, 8 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index e59e1471d4db..91c0251fdb86 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt | |||
| @@ -2321,7 +2321,7 @@ | |||
| 2321 | 2321 | ||
| 2322 | lsm=lsm1,...,lsmN | 2322 | lsm=lsm1,...,lsmN |
| 2323 | [SECURITY] Choose order of LSM initialization. This | 2323 | [SECURITY] Choose order of LSM initialization. This |
| 2324 | overrides CONFIG_LSM. | 2324 | overrides CONFIG_LSM, and the "security=" parameter. |
| 2325 | 2325 | ||
| 2326 | machvec= [IA-64] Force the use of a particular machine-vector | 2326 | machvec= [IA-64] Force the use of a particular machine-vector |
| 2327 | (machvec) in a generic kernel. | 2327 | (machvec) in a generic kernel. |
| @@ -4094,11 +4094,9 @@ | |||
| 4094 | Note: increases power consumption, thus should only be | 4094 | Note: increases power consumption, thus should only be |
| 4095 | enabled if running jitter sensitive (HPC/RT) workloads. | 4095 | enabled if running jitter sensitive (HPC/RT) workloads. |
| 4096 | 4096 | ||
| 4097 | security= [SECURITY] Choose a security module to enable at boot. | 4097 | security= [SECURITY] Choose a legacy "major" security module to |
| 4098 | If this boot parameter is not specified, only the first | 4098 | enable at boot. This has been deprecated by the |
| 4099 | security module asking for security registration will be | 4099 | "lsm=" parameter. |
| 4100 | loaded. An invalid security module name will be treated | ||
| 4101 | as if no module has been chosen. | ||
| 4102 | 4100 | ||
| 4103 | selinux= [SELINUX] Disable or enable SELinux at boot time. | 4101 | selinux= [SELINUX] Disable or enable SELinux at boot time. |
| 4104 | Format: { "0" | "1" } | 4102 | Format: { "0" | "1" } |
diff --git a/security/security.c b/security/security.c index b6bff646d373..ed9b8cbf21cf 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -288,9 +288,13 @@ static void __init ordered_lsm_init(void) | |||
| 288 | ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), | 288 | ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), |
| 289 | GFP_KERNEL); | 289 | GFP_KERNEL); |
| 290 | 290 | ||
| 291 | if (chosen_lsm_order) | 291 | if (chosen_lsm_order) { |
| 292 | if (chosen_major_lsm) { | ||
| 293 | pr_info("security= is ignored because it is superseded by lsm=\n"); | ||
| 294 | chosen_major_lsm = NULL; | ||
| 295 | } | ||
| 292 | ordered_lsm_parse(chosen_lsm_order, "cmdline"); | 296 | ordered_lsm_parse(chosen_lsm_order, "cmdline"); |
| 293 | else | 297 | } else |
| 294 | ordered_lsm_parse(builtin_lsm_order, "builtin"); | 298 | ordered_lsm_parse(builtin_lsm_order, "builtin"); |
| 295 | 299 | ||
| 296 | for (lsm = ordered_lsms; *lsm; lsm++) | 300 | for (lsm = ordered_lsms; *lsm; lsm++) |