diff options
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 5 | ||||
-rw-r--r-- | init/main.c | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 92c867e25a29..b4daad2bac23 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -2061,6 +2061,11 @@ config MODULE_SIG kernel build dependency so that the signing tool can use its crypto library. + You should enable this option if you wish to use either + CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via + another LSM - otherwise unsigned modules will be loadable regardless + of the lockdown policy. + !!!WARNING!!! If you enable this option, you MUST make sure that the module DOES NOT get stripped after being signed. This includes the debuginfo strip done by some packagers (such as rpmbuild) and diff --git a/init/main.c b/init/main.c index 208b8fa1808e..91f6ebb30ef0 100644 --- a/init/main.c +++ b/init/main.c @@ -593,6 +593,7 @@ asmlinkage __visible void __init start_kernel(void) boot_cpu_init(); page_address_init(); pr_notice("%s", linux_banner); + early_security_init(); setup_arch(&command_line); setup_command_line(command_line); setup_nr_cpu_ids(); |