要使能一个 LSM 有两个步骤： 1、该 LSM 的编译选项被打开 各 LSM 代码中都会使用 DEFINE_LSM() 在内核中创建该模块。这个宏的定义如下： 1// include/linux/lsm_hooks.h 2 3#define DEFINE_LSM(lsm) \ 4 static struct lsm_info __lsm_##lsm \ 5 __used __section(".lsm_info.init") \ 6 __aligned(sizeof(unsigned long)) 其实就是创建了一个 struct lsm_info 的实例， …

1. What is initramfs? It is ramfs that serves as an initial rootfs. It contains a complete set of directories that you would find on a normal root filesystem. It is bundled into a single cpio archive and (optionally) further compressed by one of the common compression algorithms like gzip or xz. 2. What is it used for? …