要使能一个 LSM 有两个步骤： 1、该 LSM 的编译选项被打开 各 LSM 代码中都会使用 DEFINE_LSM() 在内核中创建该模块。这个宏的定义如下： 1// include/linux/lsm_hooks.h 2 3#define DEFINE_LSM(lsm) \ 4 static struct lsm_info __lsm_##lsm \ 5 __used __section(".lsm_info.init") \ 6 __aligned(sizeof(unsigned long)) 其实就是创建了一个 struct lsm_info 的实例， …

Linux 内核主线相关补丁： 1ecd5f82e05dd LSM: Infrastructure management of the ipc security blob 2019bcca4626a Smack: Abstract use of ipc security blobs 37c6538280ae9 SELinux: Abstract use of ipc security blobs 4f4ad8f2c4076 LSM: Infrastructure management of the task security 5afb1cbe37440 LSM: Infrastructure management of the …