From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yw1-f65.google.com ([209.85.161.65]:37135 "EHLO mail-yw1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727271AbeJCEXe (ORCPT ); Wed, 3 Oct 2018 00:23:34 -0400 Received: by mail-yw1-f65.google.com with SMTP id y14-v6so1430726ywa.4 for ; Tue, 02 Oct 2018 14:38:10 -0700 (PDT) Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com. [209.85.219.176]) by smtp.gmail.com with ESMTPSA id f194-v6sm8705188ywb.53.2018.10.02.14.38.07 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Oct 2018 14:38:07 -0700 (PDT) Received: by mail-yb1-f176.google.com with SMTP id e16-v6so1445046ybk.8 for ; Tue, 02 Oct 2018 14:38:07 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <20181002005505.6112-1-keescook@chromium.org> <20181002005505.6112-11-keescook@chromium.org> From: Kees Cook Date: Tue, 2 Oct 2018 14:38:05 -0700 Message-ID: Subject: Re: [PATCH security-next v4 10/32] LSM: Don't ignore initialization failures Content-Type: text/plain; charset="UTF-8" Sender: linux-arch-owner@vger.kernel.org List-ID: To: James Morris Cc: Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , Jonathan Corbet , "open list:DOCUMENTATION" , linux-arch , LKML Message-ID: <20181002213805.M1GluLNDLgZXGkHlzTFO-UMuQQnnvRP305UgHl41OQc@z> On Tue, Oct 2, 2018 at 2:20 PM, James Morris wrote: > On Mon, 1 Oct 2018, Kees Cook wrote: > >> LSM initialization failures have traditionally been ignored. We should >> at least WARN when something goes wrong. > > I guess we could have a boot param which specifies what to do if any LSM > fails to init, as I think some folks will want to stop execution at that > point. > > Thoughts? I'm not opposed, but I won't author it because Linus will yell at me about introducing a "machine killing" option. -Kees -- Kees Cook Pixel Security