linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Mickaël Salaün" <mic@digikod.net>
To: James Morris <jmorris@namei.org>, "Serge E . Hallyn" <serge@hallyn.com>
Cc: "Mickaël Salaün" <mic@digikod.net>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	"Kees Cook" <keescook@chromium.org>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: [PATCH v3 1/1] security: Add CONFIG_LSM_AUTO to handle default LSM stack ordering
Date: Mon, 22 Feb 2021 16:06:08 +0100	[thread overview]
Message-ID: <20210222150608.808146-2-mic@digikod.net> (raw)
In-Reply-To: <20210222150608.808146-1-mic@digikod.net>

From: Mickaël Salaün <mic@linux.microsoft.com>

Add a new option CONFIG_LSM_AUTO to enable users to delegate default LSM
stacking order to kernel developers.  This enable to keep a consistent
order of enabled LSM when changing the LSM selection, especially when a
new LSM is added to the kernel.

CONFIG_LSM depends on !CONFIG_LSM_AUTO, which is backward compatible and
gives the opportunity to users to select CONFIG_LSM_AUTO with a make
oldconfig.

CONFIG_LSM and CONFIG_LSM_AUTO depend on CONFIG_SECURITY, which makes
sense because an LSM depends on the security framework.

Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: James Morris <jmorris@namei.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210222150608.808146-2-mic@digikod.net
---

Changes since v2:
* Revamp without virtual dependencies but a new option to automatically
  enable all selected LSMs.

Changes since v1:
* Add CONFIG_SECURITY as a dependency of CONFIG_LSM.  This prevent an
  error when building without any LSMs.
---
 security/Kconfig    | 19 +++++++++++++++++++
 security/security.c | 26 +++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/security/Kconfig b/security/Kconfig
index 7561f6f99f1d..fae083e9867d 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -243,6 +243,7 @@ source "security/integrity/Kconfig"
 
 choice
 	prompt "First legacy 'major LSM' to be initialized"
+	depends on SECURITY
 	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX
 	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK
 	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO
@@ -275,8 +276,26 @@ choice
 
 endchoice
 
+config LSM_AUTO
+	bool "Automatically enable all selected LSMs at boot"
+	depends on SECURITY
+	default y
+	help
+	  This automatically configure the build-time selected LSMs to be
+	  enabled at boot unless the "lsm=" parameter is provided.
+
+	  If this option is not selected, it will be required to configure and
+	  maintained a static list of enabled LSMs that may become inconsistent
+	  with future user configuration.  Indeed, this list will not be
+	  automatically upgraded when selecting a new (future) LSM, e.g. with
+	  make oldconfig.
+
+	  If you are unsure how to answer this question, answer Y.
+
+# This lists should be synchronized with LSM_ORDER defined in security/security.c .
 config LSM
 	string "Ordered list of enabled LSMs"
+	depends on SECURITY && !LSM_AUTO
 	default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
 	default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
 	default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
diff --git a/security/security.c b/security/security.c
index 401663b5b70e..defa1d2c40a3 100644
--- a/security/security.c
+++ b/security/security.c
@@ -82,7 +82,31 @@ static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init;
 static __initdata const char *chosen_lsm_order;
 static __initdata const char *chosen_major_lsm;
 
-static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
+#ifdef CONFIG_LSM
+#define LSM_ORDER	CONFIG_LSM
+#else
+
+/*
+ * This lists should be synchronized with the default values of CONFIG_LSM
+ * defined in security/Kconfig .
+ */
+#define LSM_ORDER_PRE	"lockdown,yama,loadpin,safesetid,integrity,"
+
+#if defined(CONFIG_DEFAULT_SECURITY_SMACK)
+#define LSM_ORDER	LSM_ORDER_PRE "smack,selinux,tomoyo,apparmor,bpf"
+#elif defined(CONFIG_DEFAULT_SECURITY_APPARMOR)
+#define LSM_ORDER	LSM_ORDER_PRE "apparmor,selinux,smack,tomoyo,bpf"
+#elif defined(CONFIG_DEFAULT_SECURITY_TOMOYO)
+#define LSM_ORDER	LSM_ORDER_PRE "tomoyo,bpf"
+#elif defined(CONFIG_DEFAULT_SECURITY_DAC)
+#define LSM_ORDER	LSM_ORDER_PRE "bpf"
+#else
+#define LSM_ORDER	LSM_ORDER_PRE "selinux,smack,tomoyo,apparmor,bpf"
+#endif
+
+#endif /* CONFIG_LSM */
+
+static __initconst const char * const builtin_lsm_order = LSM_ORDER;
 
 /* Ordered list of LSMs to initialize. */
 static __initdata struct lsm_info **ordered_lsms;
-- 
2.30.0


  reply	other threads:[~2021-02-22 15:06 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-22 15:06 [PATCH v3 0/1] Automatic LSM stack ordering Mickaël Salaün
2021-02-22 15:06 ` Mickaël Salaün [this message]
2021-02-22 16:51   ` [PATCH v3 1/1] security: Add CONFIG_LSM_AUTO to handle default " Casey Schaufler
2021-02-22 18:31     ` Mickaël Salaün
2021-02-22 20:31       ` Casey Schaufler
2021-02-22 21:12         ` Nicolas Iooss
2021-02-22 22:46           ` Casey Schaufler
2021-02-23  6:21             ` Nicolas Iooss
2022-10-17 19:25             ` Kees Cook
2022-10-18  1:45               ` Paul Moore
2022-10-18  5:55                 ` Kees Cook
2022-10-18 19:31                   ` Paul Moore
2022-11-04 16:29                     ` Mickaël Salaün
2022-11-04 17:20                       ` Casey Schaufler
2022-11-07 12:35                         ` Mickaël Salaün
2022-11-07 17:21                           ` Casey Schaufler
2022-11-07 19:37                             ` Mickaël Salaün
2022-10-20 16:00                   ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210222150608.808146-2-mic@digikod.net \
    --to=mic@digikod.net \
    --cc=casey@schaufler-ca.com \
    --cc=jmorris@namei.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@linux.microsoft.com \
    --cc=serge@hallyn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).