Merge remote-tracking branch 'security/next'

author: Stephen Rothwell <sfr@canb.auug.org.au> 2017-02-17 12:10:04 +1100
committer: Stephen Rothwell <sfr@canb.auug.org.au> 2017-02-17 12:10:06 +1100
commit: b7e522b5644499784cb03674ce4ea297b150c105 (patch)
tree: 31ff4b692d5a90ce94b880c5821165b95ddc305f /Documentation
parent: 58dd05a9ae4c5a85cfa93b3e15574752e64c7972 (diff)
parent: 52176603795c2ab7e9faf6bb94820da1b726aabd (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/Documentation/security/LSM.txt b/Documentation/security/LSM.txt
index 3db7e671c440..c2683f28ed36 100644
--- a/Documentation/security/LSM.txt
+++ b/Documentation/security/LSM.txt
@@ -22,6 +22,13 @@ system, building their checks on top of the defined capability hooks.
 For more details on capabilities, see capabilities(7) in the Linux
 man-pages project.
 
+A list of the active security modules can be found by reading
+/sys/kernel/security/lsm. This is a comma separated list, and
+will always include the capability module. The list reflects the
+order in which checks are made. The capability module will always
+be first, followed by any "minor" modules (e.g. Yama) and then
+the one "major" module (e.g. SELinux) if there is one configured.
+
 Based on https://lkml.org/lkml/2007/10/26/215,
 a new LSM is accepted into the kernel when its intent (a description of
 what it tries to protect against and in what cases one would expect to
author	Stephen Rothwell <sfr@canb.auug.org.au>	2017-02-17 12:10:04 +1100
committer	Stephen Rothwell <sfr@canb.auug.org.au>	2017-02-17 12:10:06 +1100
commit	b7e522b5644499784cb03674ce4ea297b150c105 (patch)
tree	31ff4b692d5a90ce94b880c5821165b95ddc305f /Documentation
parent	58dd05a9ae4c5a85cfa93b3e15574752e64c7972 (diff)
parent	52176603795c2ab7e9faf6bb94820da1b726aabd (diff)