lsm: add IPE lsm

Integrity Policy Enforcement (IPE) is an LSM that provides an complimentary approach to Mandatory Access Control than existing LSMs today. Existing LSMs have centered around the concept of access to a resource should be controlled by the current user's credentials. IPE's approach, is that access to a resource should be controlled by the system's trust of a current resource. The basis of this approach is defining a global policy to specify which resource can be trusted. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Deven Bowers <deven.desai@linux.microsoft.com> 2024-08-02 23:08:15 -0700
committer: Paul Moore <paul@paul-moore.com> 2024-08-19 22:36:26 -0400
commit: 0311507792b54069ac72e0a6c6b35c5d40aadad8 (patch)
tree: 6d74be50e686df975fdec73c65ce920826f2ae32 /security/security.c
parent: 9ee6881454345c4bb518e9478415b32731da9858 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c
index 611d3c124ba6..645a660320cb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -53,7 +53,8 @@
 	(IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
 	(IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0) + \
 	(IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \
-	(IS_ENABLED(CONFIG_EVM) ? 1 : 0))
+	(IS_ENABLED(CONFIG_EVM) ? 1 : 0) + \
+	(IS_ENABLED(CONFIG_SECURITY_IPE) ? 1 : 0))
 
 /*
  * These are descriptions of the reasons that can be passed to the
author	Deven Bowers <deven.desai@linux.microsoft.com>	2024-08-02 23:08:15 -0700
committer	Paul Moore <paul@paul-moore.com>	2024-08-19 22:36:26 -0400
commit	0311507792b54069ac72e0a6c6b35c5d40aadad8 (patch)
tree	6d74be50e686df975fdec73c65ce920826f2ae32 /security/security.c
parent	9ee6881454345c4bb518e9478415b32731da9858 (diff)