From 13e735c0e953246bd531d342bb86acb5b1bf664a Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Tue, 9 Oct 2018 14:27:46 -0700
Subject: LSM: Introduce CONFIG_LSM

This provides a way to declare LSM initialization order via the new
CONFIG_LSM. Currently only non-major LSMs are recognized. This will
be expanded in future patches.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 security/Kconfig | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'security/Kconfig')

diff --git a/security/Kconfig b/security/Kconfig
index e4fe2f3c2c65..7f21190cb677 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -276,5 +276,14 @@ config DEFAULT_SECURITY
 	default "apparmor" if DEFAULT_SECURITY_APPARMOR
 	default "" if DEFAULT_SECURITY_DAC
 
+config LSM
+	string "Ordered list of enabled LSMs"
+	default "integrity"
+	help
+	  A comma-separated list of LSMs, in initialization order.
+	  Any LSMs left off this list will be ignored.
+
+	  If unsure, leave this as the default.
+
 endmenu
 
-- 
cgit v1.2.3