lsm: add a LSM_STARTED_ALL notification event

pcmoore · pcmoore · commit dfa024bc3f67 · 2025-10-22T19:24:29.000-04:00
Add a new LSM notifier event, LSM_STARTED_ALL, which is fired once at
boot when all of the LSMs have been started.

Reviewed-by: Kees Cook &lt;kees@kernel.org&gt;
Reviewed-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Reviewed-by: John Johansen &lt;john.johhansen@canonical.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/include/linux/security.h b/include/linux/security.h
@@ -85,6 +85,7 @@ struct timezone;
 
 enum lsm_event {
 	LSM_POLICY_CHANGE,
+	LSM_STARTED_ALL,
 };
 
 struct dm_verity_digest {
diff --git a/security/lsm_init.c b/security/lsm_init.c
@@ -556,6 +556,7 @@ static int __init security_initcall_late(void)
 
 	rc = lsm_initcall(late);
 	lsm_pr_dbg("all enabled LSMs fully activated\n");
+	call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL);
 
 	return rc;
 }

Original file line number	Diff line number	Diff line change
`@@ -556,6 +556,7 @@ static int __init security_initcall_late(void)`
`556`	`556`
`557`	`557`	`rc = lsm_initcall(late);`
`558`	`558`	`lsm_pr_dbg("all enabled LSMs fully activated\n");`
	`559`	`+ call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL);`
`559`	`560`
`560`	`561`	`return rc;`
`561`	`562`	`}`