From: Kees Cook <keescook@chromium.org>
To: James Morris <jmorris@namei.org>
Cc: Kees Cook <keescook@chromium.org>,
Casey Schaufler <casey@schaufler-ca.com>,
John Johansen <john.johansen@canonical.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
"Schaufler, Casey" <casey.schaufler@intel.com>,
LSM <linux-security-module@vger.kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org, linux-arch@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization
Date: Thu, 20 Sep 2018 09:23:38 -0700 [thread overview]
Message-ID: <20180920162338.21060-27-keescook@chromium.org> (raw)
In-Reply-To: <20180920162338.21060-1-keescook@chromium.org>
This removes CONFIG_DEFAULT_SECURITY in favor of the explicit build-time
ordering offered by CONFIG_LSM_ORDER, and adds all the exclusive LSMs
to the ordered LSM initialization.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
security/Kconfig | 39 +--------------------------------------
security/security.c | 23 +----------------------
2 files changed, 2 insertions(+), 60 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig
index 33c9ac3cb759..a2e365420919 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -239,46 +239,9 @@ source security/yama/Kconfig
source security/integrity/Kconfig
-choice
- prompt "Default security module"
- default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
- default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
- default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
- default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
- default DEFAULT_SECURITY_DAC
-
- help
- Select the security module that will be used by default if the
- kernel parameter security= is not specified.
-
- config DEFAULT_SECURITY_SELINUX
- bool "SELinux" if SECURITY_SELINUX=y
-
- config DEFAULT_SECURITY_SMACK
- bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
-
- config DEFAULT_SECURITY_TOMOYO
- bool "TOMOYO" if SECURITY_TOMOYO=y
-
- config DEFAULT_SECURITY_APPARMOR
- bool "AppArmor" if SECURITY_APPARMOR=y
-
- config DEFAULT_SECURITY_DAC
- bool "Unix Discretionary Access Controls"
-
-endchoice
-
-config DEFAULT_SECURITY
- string
- default "selinux" if DEFAULT_SECURITY_SELINUX
- default "smack" if DEFAULT_SECURITY_SMACK
- default "tomoyo" if DEFAULT_SECURITY_TOMOYO
- default "apparmor" if DEFAULT_SECURITY_APPARMOR
- default "" if DEFAULT_SECURITY_DAC
-
config LSM_ORDER
string "Default initialization order of builtin LSMs"
- default "yama,loadpin,integrity"
+ default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor"
help
A comma-separated list of LSMs, in initialization order.
Any LSMs left off this list will be link-order initialized
diff --git a/security/security.c b/security/security.c
index f076fdc6b451..628e62fda5fe 100644
--- a/security/security.c
+++ b/security/security.c
@@ -130,7 +130,6 @@ static void __init parse_lsm_order(const char *order, const char *origin)
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
if (lsm->order == LSM_ORDER_MUTABLE &&
- (lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 &&
strcmp(lsm->name, name) == 0) {
append_ordered_lsm(lsm, origin);
found = true;
@@ -163,8 +162,7 @@ static void __init prepare_lsm_order(void)
/* Add any missing LSMs, in link order. */
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if (lsm->order == LSM_ORDER_MUTABLE &&
- (lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
+ if (lsm->order == LSM_ORDER_MUTABLE)
append_ordered_lsm(lsm, "link-time");
}
@@ -222,18 +220,6 @@ static void __init ordered_lsm_init(void)
maybe_initialize_lsm(*lsm);
}
-static void __init major_lsm_init(void)
-{
- struct lsm_info *lsm;
-
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
- continue;
-
- maybe_initialize_lsm(lsm);
- }
-}
-
/**
* security_init - initializes the security framework
*
@@ -253,8 +239,6 @@ int __init security_init(void)
GFP_KERNEL);
/* Process "security=", if given. */
- if (!chosen_major_lsm)
- chosen_major_lsm = CONFIG_DEFAULT_SECURITY;
if (chosen_major_lsm) {
struct lsm_info *lsm;
@@ -275,11 +259,6 @@ int __init security_init(void)
prepare_lsm_order();
ordered_lsm_init();
- /*
- * Load all the remaining security modules.
- */
- major_lsm_init();
-
kfree(ordered_lsms);
return 0;
}
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: keescook@chromium.org (Kees Cook)
To: linux-security-module@vger.kernel.org
Subject: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization
Date: Thu, 20 Sep 2018 09:23:38 -0700 [thread overview]
Message-ID: <20180920162338.21060-27-keescook@chromium.org> (raw)
In-Reply-To: <20180920162338.21060-1-keescook@chromium.org>
This removes CONFIG_DEFAULT_SECURITY in favor of the explicit build-time
ordering offered by CONFIG_LSM_ORDER, and adds all the exclusive LSMs
to the ordered LSM initialization.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
security/Kconfig | 39 +--------------------------------------
security/security.c | 23 +----------------------
2 files changed, 2 insertions(+), 60 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig
index 33c9ac3cb759..a2e365420919 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -239,46 +239,9 @@ source security/yama/Kconfig
source security/integrity/Kconfig
-choice
- prompt "Default security module"
- default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
- default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
- default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
- default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR
- default DEFAULT_SECURITY_DAC
-
- help
- Select the security module that will be used by default if the
- kernel parameter security= is not specified.
-
- config DEFAULT_SECURITY_SELINUX
- bool "SELinux" if SECURITY_SELINUX=y
-
- config DEFAULT_SECURITY_SMACK
- bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y
-
- config DEFAULT_SECURITY_TOMOYO
- bool "TOMOYO" if SECURITY_TOMOYO=y
-
- config DEFAULT_SECURITY_APPARMOR
- bool "AppArmor" if SECURITY_APPARMOR=y
-
- config DEFAULT_SECURITY_DAC
- bool "Unix Discretionary Access Controls"
-
-endchoice
-
-config DEFAULT_SECURITY
- string
- default "selinux" if DEFAULT_SECURITY_SELINUX
- default "smack" if DEFAULT_SECURITY_SMACK
- default "tomoyo" if DEFAULT_SECURITY_TOMOYO
- default "apparmor" if DEFAULT_SECURITY_APPARMOR
- default "" if DEFAULT_SECURITY_DAC
-
config LSM_ORDER
string "Default initialization order of builtin LSMs"
- default "yama,loadpin,integrity"
+ default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor"
help
A comma-separated list of LSMs, in initialization order.
Any LSMs left off this list will be link-order initialized
diff --git a/security/security.c b/security/security.c
index f076fdc6b451..628e62fda5fe 100644
--- a/security/security.c
+++ b/security/security.c
@@ -130,7 +130,6 @@ static void __init parse_lsm_order(const char *order, const char *origin)
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
if (lsm->order == LSM_ORDER_MUTABLE &&
- (lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0 &&
strcmp(lsm->name, name) == 0) {
append_ordered_lsm(lsm, origin);
found = true;
@@ -163,8 +162,7 @@ static void __init prepare_lsm_order(void)
/* Add any missing LSMs, in link order. */
for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if (lsm->order == LSM_ORDER_MUTABLE &&
- (lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
+ if (lsm->order == LSM_ORDER_MUTABLE)
append_ordered_lsm(lsm, "link-time");
}
@@ -222,18 +220,6 @@ static void __init ordered_lsm_init(void)
maybe_initialize_lsm(*lsm);
}
-static void __init major_lsm_init(void)
-{
- struct lsm_info *lsm;
-
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) == 0)
- continue;
-
- maybe_initialize_lsm(lsm);
- }
-}
-
/**
* security_init - initializes the security framework
*
@@ -253,8 +239,6 @@ int __init security_init(void)
GFP_KERNEL);
/* Process "security=", if given. */
- if (!chosen_major_lsm)
- chosen_major_lsm = CONFIG_DEFAULT_SECURITY;
if (chosen_major_lsm) {
struct lsm_info *lsm;
@@ -275,11 +259,6 @@ int __init security_init(void)
prepare_lsm_order();
ordered_lsm_init();
- /*
- * Load all the remaining security modules.
- */
- major_lsm_init();
-
kfree(ordered_lsms);
return 0;
}
--
2.17.1
next prev parent reply other threads:[~2018-09-20 16:30 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-20 16:23 [PATCH security-next v2 00/26] LSM: Explict LSM ordering Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 01/26] LSM: Correctly announce start of LSM initialization Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 23:39 ` Casey Schaufler
2018-09-20 23:39 ` Casey Schaufler
2018-09-20 16:23 ` [PATCH security-next v2 02/26] vmlinux.lds.h: Avoid copy/paste of security_init section Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 03/26] LSM: Rename .security_initcall section to .lsm_info Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 04/26] LSM: Remove initcall tracing Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 05/26] LSM: Convert from initcall to struct lsm_info Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 06/26] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 07/26] LSM: Convert security_initcall() into DEFINE_LSM() Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 08/26] LSM: Record LSM name in struct lsm_info Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 09/26] LSM: Provide init debugging infrastructure Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 10/26] LSM: Don't ignore initialization failures Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 11/26] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 12/26] LSM: Provide separate ordered initialization Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 13/26] LSM: Plumb visibility into optional "enabled" state Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 14/26] LSM: Lift LSM selection out of individual LSMs Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 15/26] LSM: Introduce lsm.enable= and lsm.disable= Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 16/26] LSM: Prepare for reorganizing "security=" logic Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 17/26] LSM: Refactor "security=" in terms of enable/disable Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 18/26] LSM: Build ordered list of ordered LSMs for init Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-21 0:04 ` Casey Schaufler
2018-09-21 0:04 ` Casey Schaufler
2018-09-21 0:37 ` Kees Cook
2018-09-21 0:37 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 19/26] LSM: Introduce CONFIG_LSM_ORDER Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-21 0:10 ` Casey Schaufler
2018-09-21 0:10 ` Casey Schaufler
2018-09-21 0:14 ` Casey Schaufler
2018-09-21 0:14 ` Casey Schaufler
2018-09-20 16:23 ` [PATCH security-next v2 20/26] LSM: Introduce "lsm.order=" for boottime ordering Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-21 0:12 ` Casey Schaufler
2018-09-21 0:12 ` Casey Schaufler
2018-09-21 0:40 ` Kees Cook
2018-09-21 0:40 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 21/26] LoadPin: Initialize as ordered LSM Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 22/26] Yama: " Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 23/26] LSM: Introduce enum lsm_order Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 24/26] capability: Mark as LSM_ORDER_FIRST Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` [PATCH security-next v2 25/26] LSM: Separate idea of "major" LSM from "exclusive" LSM Kees Cook
2018-09-20 16:23 ` Kees Cook
2018-09-20 16:23 ` Kees Cook [this message]
2018-09-20 16:23 ` [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization Kees Cook
2018-09-21 0:25 ` Casey Schaufler
2018-09-21 0:25 ` Casey Schaufler
2018-09-21 0:45 ` Kees Cook
2018-09-21 0:45 ` Kees Cook
2018-09-21 1:10 ` Casey Schaufler
2018-09-21 1:10 ` Casey Schaufler
2018-09-21 1:39 ` John Johansen
2018-09-21 1:39 ` John Johansen
2018-09-21 2:05 ` Kees Cook
2018-09-21 2:05 ` Kees Cook
2018-09-21 2:14 ` John Johansen
2018-09-21 2:14 ` John Johansen
2018-09-21 3:02 ` Kees Cook
2018-09-21 3:02 ` Kees Cook
2018-09-21 13:19 ` John Johansen
2018-09-21 13:19 ` John Johansen
2018-09-21 14:57 ` Casey Schaufler
2018-09-21 14:57 ` Casey Schaufler
2018-09-20 20:14 ` [PATCH security-next v2 00/26] LSM: Explict LSM ordering Martin Steigerwald
2018-09-20 20:14 ` Martin Steigerwald
2018-09-20 21:55 ` Kees Cook
2018-09-20 21:55 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180920162338.21060-27-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.