On 7/21/2025 4:21 PM, Paul Moore wrote: > This will display all of the LSMs built into the kernel, regardless > of if they are enabled or not. > > Signed-off-by: Paul Moore <p...@paul-moore.com>
Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> security/lsm_init.c | 19 ++++++++++++++++++-
> 1 file changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/security/lsm_init.c b/security/lsm_init.c
> index 0a8e4c725055..7e794f4515ea 100644
> --- a/security/lsm_init.c
> +++ b/security/lsm_init.c
> @@ -360,6 +360,8 @@ int __init early_security_init(void)
> {
> struct lsm_info *lsm;
>
> + /* NOTE: lsm_pr_dbg() doesn't work here as lsm_debug is not yet set */
> +
> lsm_early_for_each_raw(lsm) {
> lsm_enabled_set(lsm, true);
> lsm_order_append(lsm, "early");
> @@ -382,9 +384,24 @@ int __init security_init(void)
> struct lsm_info **lsm;
>
> if (lsm_debug) {
> - lsm_pr("built-in LSM list: %s\n", lsm_order_builtin);
> + struct lsm_info *i;
> +
> + cnt = 0;
> + lsm_pr("available LSMs: ");
> + lsm_early_for_each_raw(i)
> + lsm_pr_cont("%s%s(E)", (cnt++ ? "," : ""), i->id->name);
> + lsm_for_each_raw(i)
> + lsm_pr_cont("%s%s", (cnt++ ? "," : ""), i->id->name);
> + lsm_pr_cont("\n");
> +
> + lsm_pr("built-in LSM config: %s\n", lsm_order_builtin);
> +
> lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy);
> lsm_pr("boot LSM parameter: %s\n", lsm_order_cmdline);
> +
> + /* see the note about lsm_pr_dbg() in early_security_init() */
> + lsm_early_for_each_raw(i)
> + lsm_pr("enabled LSM early:%s\n", i->id->name);
> }
>
> if (lsm_order_cmdline) {
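Review bot: In the new "available LSMs" line of security_init(), the `(E)` suffix printed by the first `lsm_pr_cont()` loop is not explained anywhere, and someone reading the boot log to check which LSMs are active can easily take it to mean "enabled" when the loop appears to tag entries from the early list; per the commit message the line covers every built-in LSM whether enabled or not. I would add a comment above the loop, `/* "(E)" marks early LSMs; this line lists what is built in, not what is enabled */`, or spell the marker out in the output. `cnt` is reset here but declared outside the hunk, and security_init() starts and ends outside it, so its type and any later use cannot be checked from this view.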