From: Casey Schaufler <casey@schaufler-ca.com>
To: Kees Cook <keescook@chromium.org>,
John Johansen <john.johansen@canonical.com>
Cc: Jordan Glover <Golden_Miller83@protonmail.ch>,
James Morris <jmorris@namei.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Paul Moore <paul@paul-moore.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Randy Dunlap <rdunlap@infradead.org>,
LSM <linux-security-module@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH security-next v5 00/30] LSM: Explict ordering
Date: Tue, 23 Oct 2018 09:48:20 -0700 [thread overview]
Message-ID: <96e92224-aedf-5026-d6dd-b29121b4dc0d@schaufler-ca.com> (raw)
In-Reply-To: <CAGXu5j+2yVZ5DQHyqvJKnSYYqRCzeMtEabBwYFOWkTcwMUWhEw@mail.gmail.com>
On 10/12/2018 12:01 PM, Kees Cook wrote:
> On Friday, October 12, 2018 3:19 AM, John Johansen
> <john.johansen@canonical.com> wrote:
>> It isn't perfect but it manages consistency across distros as best as
>> can be achieved atm.
> Yeah, this is why I'm okay with the current series: it provides as
> consistent a view as possible, but leaves room for future improvements
> (like adding "+" or "!" or "all" or whatever).
>
> I'm curious to see what SELinux folks think of v5, though. I *think* I
> addressed all the concerns there, even Paul's "I want my distro
> default to not have extreme stacking" case too.
>
> -Kees
Looks like I should go on vacation more often. :)
I am generally opposed to fancy specification languages.
I support the explicit lsm= list specification because you
don't have to know any context to create a boot line that
will work, and be as close to what you've specified as possible
for the kernel configuration. One need look no further than
the mechanisms for setting POSIX ACLs for an example of
how to ensure a feature isn't used.
Had we the foresight to make security= take a list of
modules when Yama was added we might have avoided some of
this brouhaha, but there was no reason to expect that stacking
was ever going to happen back then.
next prev parent reply other threads:[~2018-10-23 16:48 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-11 0:18 [PATCH security-next v5 00/30] LSM: Explict ordering Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 01/30] LSM: Correctly announce start of LSM initialization Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 02/30] vmlinux.lds.h: Avoid copy/paste of security_init section Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 03/30] LSM: Rename .security_initcall section to .lsm_info Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 04/30] LSM: Remove initcall tracing Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 05/30] LSM: Convert from initcall to struct lsm_info Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 06/30] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 07/30] LSM: Convert security_initcall() into DEFINE_LSM() Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 08/30] LSM: Record LSM name in struct lsm_info Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 09/30] LSM: Provide init debugging infrastructure Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 10/30] LSM: Don't ignore initialization failures Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 11/30] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 12/30] LSM: Provide separate ordered initialization Kees Cook
2018-11-02 18:13 ` Mimi Zohar
2018-11-02 20:49 ` Kees Cook
2018-11-05 14:13 ` Mimi Zohar
2018-10-11 0:18 ` [PATCH security-next v5 13/30] LoadPin: Rename boot param "enabled" to "enforce" Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 14/30] LSM: Plumb visibility into optional "enabled" state Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 15/30] LSM: Lift LSM selection out of individual LSMs Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 16/30] LSM: Build ordered list of LSMs to initialize Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 17/30] LSM: Introduce CONFIG_LSM Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 18/30] LSM: Introduce "lsm=" for boottime LSM selection Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 19/30] LSM: Tie enabling logic to presence in ordered list Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 20/30] LSM: Prepare for reorganizing "security=" logic Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 21/30] LSM: Refactor "security=" in terms of enable/disable Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 22/30] LSM: Separate idea of "major" LSM from "exclusive" LSM Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 23/30] apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 24/30] selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 25/30] LSM: Add all exclusive LSMs to ordered initialization Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 26/30] LSM: Split LSM preparation from initialization Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 27/30] LoadPin: Initialize as ordered LSM Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 28/30] Yama: " Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 29/30] LSM: Introduce enum lsm_order Kees Cook
2018-10-11 0:18 ` [PATCH security-next v5 30/30] capability: Initialize as LSM_ORDER_FIRST Kees Cook
2018-10-11 3:45 ` [PATCH security-next v5 00/30] LSM: Explict ordering James Morris
2018-10-11 15:14 ` Kees Cook
2018-10-11 15:52 ` James Morris
2018-10-11 17:57 ` Kees Cook
2018-10-11 22:58 ` Jordan Glover
2018-10-11 23:09 ` Kees Cook
2018-10-11 23:48 ` John Johansen
2018-10-12 0:11 ` Jordan Glover
2018-10-12 1:19 ` John Johansen
2018-10-12 11:31 ` Jordan Glover
2018-10-12 18:24 ` John Johansen
2018-10-12 19:01 ` Kees Cook
2018-10-23 16:48 ` Casey Schaufler [this message]
2018-10-23 18:50 ` Kees Cook
2018-10-23 19:05 ` Casey Schaufler
2018-10-24 8:56 ` Casey Schaufler
2018-10-24 20:12 ` Kees Cook
2018-11-14 21:04 ` Casey Schaufler
2018-11-20 23:36 ` Casey Schaufler
2018-10-11 23:53 ` Jordan Glover
2018-10-12 0:26 ` John Johansen
2018-10-12 11:31 ` Jordan Glover
2018-10-12 18:11 ` John Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=96e92224-aedf-5026-d6dd-b29121b4dc0d@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=Golden_Miller83@protonmail.ch \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=rdunlap@infradead.org \
--cc=sds@tycho.nsa.gov \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).