From: John Johansen <john.johansen@canonical.com>
To: Kees Cook <keescook@chromium.org>
Cc: Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
Casey Schaufler <casey@schaufler-ca.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Stephen Smalley <sds@tycho.nsa.gov>,
"Schaufler, Casey" <casey.schaufler@intel.com>,
LSM <linux-security-module@vger.kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
Date: Mon, 1 Oct 2018 16:57:51 -0700 [thread overview]
Message-ID: <0b6c66ab-7cfe-da99-40e7-d36a81ac79ef@canonical.com> (raw)
In-Reply-To: <CAGXu5jJ6ZDs1hZTX9jS9w2MmecbcbMcn6iAmGuyCBbThyjv_iA@mail.gmail.com>
On 10/01/2018 04:38 PM, Kees Cook wrote:
> On Mon, Oct 1, 2018 at 4:30 PM, Kees Cook <keescook@chromium.org> wrote:
>> If we keep it, "apparmor=0 lsm_enable=apparmor" would mean it's
>> enabled. Is that okay?
>
> Actually, what the v3 series does right now is leaves AppArmor and
> SELinux alone -- whatever they configured for enable/disable is left
> alone.
>
> The problem I have is when processing CONFIG_LSM_ENABLE ... what do I
> do with the existing "enable" flag? It's set by both
> CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE and apparmor=0/1.
>
> Right now I can't tell the difference between someone booting with
> apparmor=0 or CONFIG_LSM_ENABLE not including apparmor.
>
> i.e. how do I mix CONFIG_LSM_ENABLE with apparmor=0/1? (assuming
> CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE has been removed)
>
right, Its a mess and confusing not just us but for the user. I think
it is worth considering removing the apparmor= and apparmor.enabled
options so that we can clean this up.
If we do keep it, there are three options
1. last option wins (above)
2. add more states so we can track the different combination (more
complex and probably not worth it)
3. we ignore any apparmor=1 (he default state) and only look at
whether apparmor.enabled has been toggled to 0 during setup.
At which point it stays that way.
if we keep it, I think an explicit disable should win, so
option 3, but I can live with 1.
next prev parent reply other threads:[~2018-10-01 23:57 UTC|newest]
Thread overview: 164+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-25 0:18 [PATCH security-next v3 00/29] LSM: Explict LSM ordering Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 01/29] LSM: Correctly announce start of LSM initialization Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 19:53 ` James Morris
2018-10-01 19:53 ` James Morris
2018-10-01 21:05 ` John Johansen
2018-10-01 21:05 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 02/29] vmlinux.lds.h: Avoid copy/paste of security_init section Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 19:56 ` James Morris
2018-10-01 19:56 ` James Morris
2018-10-01 21:05 ` John Johansen
2018-10-01 21:05 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 03/29] LSM: Rename .security_initcall section to .lsm_info Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 19:57 ` James Morris
2018-10-01 19:57 ` James Morris
2018-10-01 21:06 ` John Johansen
2018-10-01 21:06 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 04/29] LSM: Remove initcall tracing Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-26 16:35 ` Steven Rostedt
2018-09-26 16:35 ` Steven Rostedt
2018-09-26 18:35 ` Kees Cook
2018-09-26 18:35 ` Kees Cook
2018-09-30 23:25 ` Steven Rostedt
2018-09-30 23:25 ` Steven Rostedt
2018-10-01 1:01 ` Kees Cook
2018-10-01 1:01 ` Kees Cook
2018-10-01 21:07 ` John Johansen
2018-10-01 21:07 ` John Johansen
2018-10-01 21:23 ` Steven Rostedt
2018-10-01 21:23 ` Steven Rostedt
2018-10-01 22:38 ` Kees Cook
2018-10-01 22:38 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 05/29] LSM: Convert from initcall to struct lsm_info Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 19:59 ` James Morris
2018-10-01 19:59 ` James Morris
2018-10-01 21:08 ` John Johansen
2018-10-01 21:08 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 06/29] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:10 ` John Johansen
2018-10-01 21:10 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 07/29] LSM: Convert security_initcall() into DEFINE_LSM() Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:12 ` John Johansen
2018-10-01 21:12 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 08/29] LSM: Record LSM name in struct lsm_info Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:13 ` John Johansen
2018-10-01 21:13 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 09/29] LSM: Provide init debugging infrastructure Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:14 ` John Johansen
2018-10-01 21:14 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 10/29] LSM: Don't ignore initialization failures Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:14 ` John Johansen
2018-10-01 21:14 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 11/29] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:15 ` John Johansen
2018-10-01 21:15 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 12/29] LSM: Provide separate ordered initialization Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:17 ` John Johansen
2018-10-01 21:17 ` John Johansen
2018-10-01 22:03 ` Kees Cook
2018-10-01 22:03 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 13/29] LoadPin: Rename "enable" to "enforce" Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:17 ` John Johansen
2018-10-01 21:17 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 14/29] LSM: Plumb visibility into optional "enabled" state Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:18 ` John Johansen
2018-10-01 21:18 ` John Johansen
2018-10-01 21:47 ` James Morris
2018-10-01 21:47 ` James Morris
2018-10-01 21:56 ` Kees Cook
2018-10-01 21:56 ` Kees Cook
2018-10-01 22:20 ` John Johansen
2018-10-01 22:20 ` John Johansen
2018-10-01 22:29 ` Kees Cook
2018-10-01 22:29 ` Kees Cook
2018-10-01 22:53 ` John Johansen
2018-10-01 22:53 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 15/29] LSM: Lift LSM selection out of individual LSMs Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:18 ` John Johansen
2018-10-01 21:18 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 16/29] LSM: Prepare for arbitrary LSM enabling Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:22 ` John Johansen
2018-10-01 21:22 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 17/29] LSM: Introduce CONFIG_LSM_ENABLE Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:34 ` John Johansen
2018-10-01 21:34 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable= Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:46 ` John Johansen
2018-10-01 21:46 ` John Johansen
2018-10-01 22:27 ` Kees Cook
2018-10-01 22:27 ` Kees Cook
2018-10-01 22:48 ` John Johansen
2018-10-01 22:48 ` John Johansen
2018-10-01 23:30 ` Kees Cook
2018-10-01 23:30 ` Kees Cook
2018-10-01 23:38 ` Kees Cook
2018-10-01 23:38 ` Kees Cook
2018-10-01 23:57 ` John Johansen [this message]
2018-10-01 23:57 ` John Johansen
2018-10-01 23:44 ` John Johansen
2018-10-01 23:44 ` John Johansen
2018-10-01 23:49 ` Kees Cook
2018-10-01 23:49 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 19/29] LSM: Prepare for reorganizing "security=" logic Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-10-01 21:47 ` John Johansen
2018-10-01 21:47 ` John Johansen
2018-09-25 0:18 ` [PATCH security-next v3 20/29] LSM: Refactor "security=" in terms of enable/disable Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 21/29] LSM: Build ordered list of ordered LSMs for init Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 22/29] LSM: Introduce CONFIG_LSM_ORDER Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 23/29] LSM: Introduce "lsm.order=" for boottime ordering Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 24/29] LoadPin: Initialize as ordered LSM Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 25/29] Yama: " Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 26/29] LSM: Introduce enum lsm_order Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 27/29] capability: Initialize as LSM_ORDER_FIRST Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 28/29] LSM: Separate idea of "major" LSM from "exclusive" LSM Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-25 0:18 ` [PATCH security-next v3 29/29] LSM: Add all exclusive LSMs to ordered initialization Kees Cook
2018-09-25 0:18 ` Kees Cook
2018-09-28 15:55 ` [PATCH security-next v3 00/29] LSM: Explict LSM ordering Casey Schaufler
2018-09-28 15:55 ` Casey Schaufler
2018-09-28 20:01 ` Kees Cook
2018-09-28 20:01 ` Kees Cook
2018-09-28 20:25 ` Stephen Smalley
2018-09-28 20:25 ` Stephen Smalley
2018-09-28 20:33 ` Stephen Smalley
2018-09-28 20:33 ` Stephen Smalley
2018-09-28 20:54 ` Kees Cook
2018-09-28 20:54 ` Kees Cook
2018-09-29 10:48 ` Tetsuo Handa
2018-09-29 10:48 ` Tetsuo Handa
2018-09-29 18:18 ` Kees Cook
2018-09-29 18:18 ` Kees Cook
2018-09-30 2:36 ` Tetsuo Handa
2018-09-30 2:36 ` Tetsuo Handa
2018-09-30 16:57 ` Kees Cook
2018-09-30 16:57 ` Kees Cook
2018-09-29 18:19 ` John Johansen
2018-09-29 18:19 ` John Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0b6c66ab-7cfe-da99-40e7-d36a81ac79ef@canonical.com \
--to=john.johansen@canonical.com \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).