Re: [RFC PATCH v2] security,lockdown,selinux: implement SELinux lockdown

avc: denied { confidentiality } for pid=4628 comm="cp" lockdown_reason="/proc/kcore access" scontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023 tclass=lockdown permissive=0 Signed-off-by: Stephen Smalley <sds(a)tycho.nsa.gov&gt; --- include/linux/lsm_audit.h | 2 ++ include/linux/security.h | 2 ++ security/lockdown/lockdown.c | 24 ----------------------- security/lsm_audit.c | 5 +++++ security/security.c | 30 +++++++++++++++++++++++++++++ security/selinux/hooks.c | 30 +++++++++++++++++++++++++++++ security/selinux/include/classmap.h | 2 ++ 7 files changed, 71 insertions(+), 24 deletions(-)