Enable lockdown LSM early in init
configname: CONFIG_SECURITY_LOCKDOWN_LSM_EARLY
Linux Kernel Configuration
└─>Security options
└─>Enable lockdown LSM early in init
In linux kernel since version 5.1 (release Date: 2019-05-05)
Enable the lockdown LSM early in boot. This is necessary in order
to ensure that lockdown enforcement can be carried out on kernel
boot parameters that are otherwise parsed before the security
subsystem is fully initialised. If enabled, lockdown will
unconditionally be called before any other LSMs.
to ensure that lockdown enforcement can be carried out on kernel
boot parameters that are otherwise parsed before the security
subsystem is fully initialised. If enabled, lockdown will
unconditionally be called before any other LSMs.