From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
To: Kees Cook <keescook@chromium.org>,
Casey Schaufler <casey@schaufler-ca.com>
Cc: James Morris <jmorris@namei.org>,
John Johansen <john.johansen@canonical.com>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
"Schaufler, Casey" <casey.schaufler@intel.com>,
LSM <linux-security-module@vger.kernel.org>,
LKLM <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 16/18] LSM: Allow arbitrary LSM ordering
Date: Mon, 17 Sep 2018 09:46:58 +0900 [thread overview]
Message-ID: <e6e7521f-7810-a938-3f0e-daefb6579344@i-love.sakura.ne.jp> (raw)
In-Reply-To: <CAGXu5jK5CzXUii97q_yk3KzBTw0SOmoc=-zcm+3jAqEHe76AgQ@mail.gmail.com>
On 2018/09/17 8:00, Kees Cook wrote:
> On Sun, Sep 16, 2018 at 11:49 AM, Casey Schaufler
> <casey@schaufler-ca.com> wrote:
>> One solution is to leave security= as is, not affecting "minor"
>> modules and only allowing specification of one major module, and adding
>
> I would much prefer this, yes.
>
> A question remains: how do we map the existing "security=" selection
> of a "major" LSM against what will be next "exclusive" plus tomoyo,
> and in the extreme case, nothing?
>
> Perhaps as part of deprecating "security=", we could just declare that
> it is selecting between SELinux, AppArmor, Smack, and Tomoyo only?
>
>> another boot option security.stack= that overrides a security= option
>> and that takes the list as you've implemented here.
>
> or "lsm.stack=" that overrides "security=" entirely?
Yes, I think we can add new option.
For example, introducing lsm= and obsoleting security= (because total length for
kernel command line is limited while enumeration makes the parameter value longer).
security= works like current behavior.
lsm= requires explicit enumeration of all modules (except capability which has to
be always enabled) which should be enabled at boot.
security= is ignored if lsm= is specified.
next prev parent reply other threads:[~2018-09-17 0:47 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-16 0:30 [PATCH 00/18] LSM: Prepare for explict LSM ordering Kees Cook
2018-09-16 0:30 ` [PATCH 01/18] vmlinux.lds.h: Avoid copy/paste of security_init section Kees Cook
2018-09-16 0:30 ` [PATCH 02/18] LSM: Rename .security_initcall section to .lsm_info Kees Cook
2018-09-16 0:30 ` [PATCH 03/18] LSM: Remove initcall tracing Kees Cook
2018-09-16 0:30 ` [PATCH 04/18] LSM: Convert from initcall to struct lsm_info Kees Cook
2018-09-16 0:30 ` [PATCH 05/18] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Kees Cook
2018-09-16 0:30 ` [PATCH 06/18] LSM: Convert security_initcall() into DEFINE_LSM() Kees Cook
2018-09-16 0:30 ` [PATCH 07/18] LSM: Add minor LSM initialization loop Kees Cook
2018-09-16 1:27 ` Jann Horn
2018-09-16 1:49 ` Kees Cook
2018-09-16 0:30 ` [PATCH 08/18] integrity: Initialize as LSM_TYPE_MINOR Kees Cook
2018-09-16 0:30 ` [PATCH 09/18] LSM: Record LSM name in struct lsm_info Kees Cook
2018-09-16 0:30 ` [PATCH 10/18] LSM: Plumb visibility into optional "enabled" state Kees Cook
2018-09-16 0:30 ` [PATCH 11/18] LSM: Lift LSM selection out of individual LSMs Kees Cook
2018-09-16 1:32 ` Jann Horn
2018-09-16 1:47 ` Kees Cook
2018-09-16 0:30 ` [PATCH 12/18] LSM: Introduce ordering details in struct lsm_info Kees Cook
2018-09-16 0:30 ` [PATCH 13/18] LoadPin: Initialize as LSM_TYPE_MINOR Kees Cook
2018-09-16 0:30 ` [PATCH 14/18] Yama: " Kees Cook
2018-09-16 0:30 ` [PATCH 15/18] capability: " Kees Cook
2018-09-16 0:30 ` [PATCH 16/18] LSM: Allow arbitrary LSM ordering Kees Cook
2018-09-16 18:49 ` Casey Schaufler
2018-09-16 23:00 ` Kees Cook
2018-09-17 0:46 ` Tetsuo Handa [this message]
2018-09-17 15:06 ` Casey Schaufler
2018-09-17 16:24 ` Kees Cook
2018-09-17 17:13 ` Casey Schaufler
2018-09-17 18:14 ` Kees Cook
2018-09-17 19:23 ` Casey Schaufler
2018-09-17 19:55 ` John Johansen
2018-09-17 21:57 ` Casey Schaufler
2018-09-17 22:36 ` John Johansen
2018-09-17 23:10 ` Mickaël Salaün
2018-09-17 23:20 ` Kees Cook
2018-09-17 23:26 ` John Johansen
2018-09-17 23:28 ` Kees Cook
2018-09-17 23:40 ` Casey Schaufler
2018-09-17 23:30 ` Casey Schaufler
2018-09-17 23:47 ` Mickaël Salaün
2018-09-18 0:00 ` Casey Schaufler
2018-09-17 23:25 ` John Johansen
2018-09-17 23:25 ` Casey Schaufler
2018-09-18 0:00 ` Kees Cook
2018-09-18 0:24 ` Casey Schaufler
2018-09-18 0:45 ` Kees Cook
2018-09-18 0:57 ` Casey Schaufler
2018-09-18 0:59 ` Kees Cook
2018-09-18 1:08 ` John Johansen
2018-09-17 19:35 ` John Johansen
2018-09-16 0:30 ` [PATCH 17/18] LSM: Provide init debugging Kees Cook
2018-09-16 0:30 ` [PATCH 18/18] LSM: Don't ignore initialization failures Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e6e7521f-7810-a938-3f0e-daefb6579344@i-love.sakura.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).