On 7/21/2025 4:21 PM, Paul Moore wrote:
> Add a new LSM notifier event, LSM_STARTED_ALL, which is fired once at
> boot when all of the LSMs have been started.
>
> Reviewed-by: Kees Cook <k...@kernel.org>
> Signed-off-by: Paul Moore <p...@paul-moore.com>

Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > include/linux/security.h | 1 + > security/lsm_init.c | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/include/linux/security.h b/include/linux/security.h > index c57a9a7499ea..b9cace094f0f 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -85,6 +85,7 @@ struct timezone; > > enum lsm_event { > LSM_POLICY_CHANGE, > + LSM_STARTED_ALL, > }; > > struct dm_verity_digest { > diff --git a/security/lsm_init.c b/security/lsm_init.c > index f178a9a2f9d4..6812a13f64c9 100644 > --- a/security/lsm_init.c > +++ b/security/lsm_init.c > @@ -550,6 +550,7 @@ static int __init security_initcall_late(void) > > rc = lsm_initcall(late); > lsm_pr_dbg("all enabled LSMs fully activated\n"); > + call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL); > > return rc; > }
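
Review bot: In the include/linux/security.h hunk, LSM_STARTED_ALL is added to enum lsm_event with no comment, so the header does not say when the event fires or what its data pointer carries. A one-line comment on the enumerator stating that it is raised once at boot from security_initcall_late() with NULL data would give notifier authors that contract without reading lsm_init.c. Because the enum had a single value until now, it is also worth confirming that every existing blocking LSM notifier callback tests its event argument before acting, since each of them will now be invoked for this event as well.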
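
Review bot: In the security/lsm_init.c hunk, call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL) runs regardless of the rc returned by lsm_initcall(late), so subscribers are told all LSMs have started even when a late initcall reported an error. Either gate the call on success, for example "if (!rc) call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL);", or state in the commit message and a comment that the event means the init sequence has finished rather than that every LSM initialized successfully. The notifier's own return value is dropped here as well; if that is intentional, a short comment saying so would help.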