Merge remote-tracking branch 'security/next'

author: Stephen Rothwell <sfr@canb.auug.org.au> 2017-02-09 13:27:36 +1100
committer: Stephen Rothwell <sfr@canb.auug.org.au> 2017-02-09 13:27:36 +1100
commit: 01cb8a720027d65f683c4806a72faa7cd2d720f3 (patch)
tree: 3b529b0e6d50376f4b1a023838b64161606cc8ea /Documentation
parent: dacdf13105780666348116d92893157dc04b5382 (diff)
parent: e2241be62deabe09d7c681326fcb0bc707082147 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
index 3db7e671c440..c2683f28ed36 100644
--- a/Documentation/security/LSM.txt
+++ b/Documentation/security/LSM.txt
@@ -22,6 +22,13 @@ system, building their checks on top of the defined capability hooks.
 For more details on capabilities, see capabilities(7) in the Linux
 man-pages project.
 
+A list of the active security modules can be found by reading
+/sys/kernel/security/lsm. This is a comma separated list, and
+will always include the capability module. The list reflects the
+order in which checks are made. The capability module will always
+be first, followed by any "minor" modules (e.g. Yama) and then
+the one "major" module (e.g. SELinux) if there is one configured.
+
 Based on https://lkml.org/lkml/2007/10/26/215,
 a new LSM is accepted into the kernel when its intent (a description of
 what it tries to protect against and in what cases one would expect to
author	Stephen Rothwell <sfr@canb.auug.org.au>	2017-02-09 13:27:36 +1100
committer	Stephen Rothwell <sfr@canb.auug.org.au>	2017-02-09 13:27:36 +1100
commit	01cb8a720027d65f683c4806a72faa7cd2d720f3 (patch)
tree	3b529b0e6d50376f4b1a023838b64161606cc8ea /Documentation
parent	dacdf13105780666348116d92893157dc04b5382 (diff)
parent	e2241be62deabe09d7c681326fcb0bc707082147 (diff)