On 27 June 2017 at 20:51, Christoph Hellwig <hch@infradead.org> wrote:

> On Tue, Jun 27, 2017 at 08:33:23PM +0300, Igor Stoppa wrote:
>
> [...]


> > The default value is disabled, unless SE Linux debugging is turned on.
>
> Can we please just force it to be read-only?
>

I'm sorry, I'm not quite sure I understand your comment.

I'm trying to replicate the behavior of __lsm_ro_after_init:

line 1967 @ [1]   - Did I get it wrong?

thanks, igor



[1]
https://kernel.googlesource.com/pub/scm/linux/kernel/git/jmorris/linux-security/+/5965453d5e3fb425e6f9d6b4fec403bda3f33107/include/linux/lsm_hooks.h