From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from sonic304-28.consmr.mail.ne1.yahoo.com ([66.163.191.154]:33989 "EHLO sonic304-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726890AbeINFUc (ORCPT ); Fri, 14 Sep 2018 01:20:32 -0400
Subject: Re: [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock
To: Kees Cook
Cc: Paul Moore , linux-security-module , James Morris , LKML , SE Linux , John Johansen , Tetsuo Handa , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , "Schaufler, Casey"
References: <99cb1ae7-8881-eb9a-a8cb-a787abe454e1@schaufler-ca.com>
From: Casey Schaufler
Message-ID: <5b983bba-049c-795a-3354-a2e8ab33cecf@schaufler-ca.com>
Date: Thu, 13 Sep 2018 17:08:41 -0700
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On 9/13/2018 4:57 PM, Kees Cook wrote:
> On Thu, Sep 13, 2018 at 4:51 PM, Casey Schaufler wrote:
>> On 9/13/2018 4:06 PM, Kees Cook wrote:
>>> - what order should any stacking happen? Makefile? security=?
>> Makefile by default.
> Okay, if ordering is by Makefile and everyone dislikes my
> $lsm.enabled=0/1 thing, then these mean the same thing:
>
> security=selinux,tomoyo
> security=tomoyo,selinux
>
> i.e. order of security= is _ignored_ in favor of the Makefile ordering.

No, I think that the two lines above should have a different
execution order. If we really need to specify multiple modules
at boot time that is what makes the most sense. It's a matter
of mechanics and probably another pass during the init process,
but it's doable. If we determine it's necessary for this stage
it is just work.
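
The two readings of `security=` debated in this message, as a userspace model added here for illustration (not code from the thread, the patch series, or the kernel). The `builtin[]` list is a constructed stand-in for the Makefile order, and `lsm_order()` is a hypothetical helper name.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the Makefile (link) order; not the kernel's list. */
static const char *const builtin[] = { "selinux", "smack", "tomoyo", "apparmor" };
#define NBUILTIN (sizeof(builtin) / sizeof(builtin[0]))

static int builtin_index(const char *s, size_t n)
{
	for (size_t i = 0; i < NBUILTIN; i++)
		if (strlen(builtin[i]) == n && !strncmp(builtin[i], s, n))
			return (int)i;
	return -1;	/* not a built-in module */
}

/*
 * Hypothetical helper: resolve a "security=" value to an execution order.
 * cmdline_order != 0: run in the order named; 0: builtin[] order decides.
 * Unknown and repeated names are skipped. Returns a static string.
 */
static const char *lsm_order(const char *arg, int cmdline_order)
{
	static char out[64];
	int picked[NBUILTIN] = { 0 }, order[NBUILTIN];
	size_t n = 0, len;
	for (; *arg; arg += len + (arg[len] == ',')) {
		int idx = builtin_index(arg, len = strcspn(arg, ","));
		if (idx >= 0 && !picked[idx]) {
			picked[idx] = 1;
			order[n++] = idx;
		}
	}
	if (!cmdline_order) {	/* the list only selects: rebuild in link order */
		n = 0;
		for (size_t i = 0; i < NBUILTIN; i++)
			if (picked[i])
				order[n++] = (int)i;
	}
	out[0] = '\0';
	for (size_t i = 0; i < n; i++)
		strcat(strcat(out, i ? "," : ""), builtin[order[i]]);
	return out;
}

int main(void)
{
	printf("command line: %s\n", lsm_order("tomoyo,selinux", 1));
	printf("Makefile:     %s\n", lsm_order("tomoyo,selinux", 0));
	return 0;
}
```

With Makefile ordering both spellings of the parameter resolve to the same hook order, so an administrator cannot tell from the command line which module is consulted first; with command-line ordering the parameter itself records it.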