From: Kees Cook <keescook@chromium.org> To: James Morris <jmorris@namei.org> Cc: Kees Cook <keescook@chromium.org>, Casey Schaufler <casey@schaufler-ca.com>, John Johansen <john.johansen@canonical.com>, Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>, Paul Moore <paul@paul-moore.com>, Stephen Smalley <sds@tycho.nsa.gov>, "Schaufler, Casey" <casey.schaufler@intel.com>, LSM <linux-security-module@vger.kernel.org>, Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH security-next v3 17/29] LSM: Introduce CONFIG_LSM_ENABLE Date: Mon, 24 Sep 2018 17:18:20 -0700 [thread overview] Message-ID: <20180925001832.18322-18-keescook@chromium.org> (raw) In-Reply-To: <20180925001832.18322-1-keescook@chromium.org> To provide a set of default-enabled LSMs at boot, this introduces the new CONFIG_LSM_ENABLE. A value of "all" means all builtin LSMs are enabled by default. Any unlisted LSMs will be implicitly disabled (excepting those with LSM-specific CONFIGs for enabling/disabling). The behavior of the LSM-specific CONFIGs for SELinux are AppArmor unchanged: the default-enabled state for those LSMs remains controlled through their LSM-specific "enable" CONFIGs. Signed-off-by: Kees Cook <keescook@chromium.org> --- include/linux/lsm_hooks.h | 2 +- security/Kconfig | 8 ++++++++ security/security.c | 4 +++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 95798f212dbf..ab23f1bc6d77 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,7 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, struct lsm_info { const char *name; /* Populated automatically. */ unsigned long flags; /* Optional: flags describing LSM */ - int *enabled; /* Optional: NULL means enabled. */ + int *enabled; /* Optional: NULL checks CONFIG_LSM_ENABLE */ int (*init)(void); }; diff --git a/security/Kconfig b/security/Kconfig index 27d8b2688f75..71306b046270 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -276,5 +276,13 @@ config DEFAULT_SECURITY default "apparmor" if DEFAULT_SECURITY_APPARMOR default "" if DEFAULT_SECURITY_DAC +config LSM_ENABLE + string "LSMs to enable at boot time" + default "all" + help + A comma-separate list of LSMs to enable by default at boot. The + default is "all", to enable all LSM modules at boot. Any LSMs + not listed here will be disabled by default. + endmenu diff --git a/security/security.c b/security/security.c index a8107d54b3d3..7ecb9879a863 100644 --- a/security/security.c +++ b/security/security.c @@ -45,6 +45,8 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initconst const char * const builtin_lsm_enable = CONFIG_LSM_ENABLE; + static bool debug __initdata; #define init_debug(...) \ do { \ @@ -182,7 +184,7 @@ static void __init parse_lsm_enable(const char *str, static void __init prepare_lsm_enable(void) { /* Prepare defaults. */ - parse_lsm_enable("all", default_enabled, true); + parse_lsm_enable(builtin_lsm_enable, default_enabled, true); } /** -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: keescook@chromium.org (Kees Cook) To: linux-security-module@vger.kernel.org Subject: [PATCH security-next v3 17/29] LSM: Introduce CONFIG_LSM_ENABLE Date: Mon, 24 Sep 2018 17:18:20 -0700 [thread overview] Message-ID: <20180925001832.18322-18-keescook@chromium.org> (raw) In-Reply-To: <20180925001832.18322-1-keescook@chromium.org> To provide a set of default-enabled LSMs at boot, this introduces the new CONFIG_LSM_ENABLE. A value of "all" means all builtin LSMs are enabled by default. Any unlisted LSMs will be implicitly disabled (excepting those with LSM-specific CONFIGs for enabling/disabling). The behavior of the LSM-specific CONFIGs for SELinux are AppArmor unchanged: the default-enabled state for those LSMs remains controlled through their LSM-specific "enable" CONFIGs. Signed-off-by: Kees Cook <keescook@chromium.org> --- include/linux/lsm_hooks.h | 2 +- security/Kconfig | 8 ++++++++ security/security.c | 4 +++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 95798f212dbf..ab23f1bc6d77 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,7 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count, struct lsm_info { const char *name; /* Populated automatically. */ unsigned long flags; /* Optional: flags describing LSM */ - int *enabled; /* Optional: NULL means enabled. */ + int *enabled; /* Optional: NULL checks CONFIG_LSM_ENABLE */ int (*init)(void); }; diff --git a/security/Kconfig b/security/Kconfig index 27d8b2688f75..71306b046270 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -276,5 +276,13 @@ config DEFAULT_SECURITY default "apparmor" if DEFAULT_SECURITY_APPARMOR default "" if DEFAULT_SECURITY_DAC +config LSM_ENABLE + string "LSMs to enable at boot time" + default "all" + help + A comma-separate list of LSMs to enable by default at boot. The + default is "all", to enable all LSM modules at boot. Any LSMs + not listed here will be disabled by default. + endmenu diff --git a/security/security.c b/security/security.c index a8107d54b3d3..7ecb9879a863 100644 --- a/security/security.c +++ b/security/security.c @@ -45,6 +45,8 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static __initconst const char * const builtin_lsm_enable = CONFIG_LSM_ENABLE; + static bool debug __initdata; #define init_debug(...) \ do { \ @@ -182,7 +184,7 @@ static void __init parse_lsm_enable(const char *str, static void __init prepare_lsm_enable(void) { /* Prepare defaults. */ - parse_lsm_enable("all", default_enabled, true); + parse_lsm_enable(builtin_lsm_enable, default_enabled, true); } /** -- 2.17.1
next prev parent reply other threads:[~2018-09-25 0:25 UTC|newest] Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-09-25 0:18 [PATCH security-next v3 00/29] LSM: Explict LSM ordering Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 01/29] LSM: Correctly announce start of LSM initialization Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 19:53 ` James Morris 2018-10-01 21:05 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 02/29] vmlinux.lds.h: Avoid copy/paste of security_init section Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 19:56 ` James Morris 2018-10-01 21:05 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 03/29] LSM: Rename .security_initcall section to .lsm_info Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 19:57 ` James Morris 2018-10-01 21:06 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 04/29] LSM: Remove initcall tracing Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-26 16:35 ` Steven Rostedt 2018-09-26 16:35 ` Steven Rostedt 2018-09-26 18:35 ` Kees Cook 2018-09-26 18:35 ` Kees Cook 2018-09-30 23:25 ` Steven Rostedt 2018-09-30 23:25 ` Steven Rostedt 2018-10-01 1:01 ` Kees Cook 2018-10-01 1:01 ` Kees Cook 2018-10-01 21:07 ` John Johansen 2018-10-01 21:23 ` Steven Rostedt 2018-10-01 22:38 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 05/29] LSM: Convert from initcall to struct lsm_info Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 19:59 ` James Morris 2018-10-01 21:08 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 06/29] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:10 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 07/29] LSM: Convert security_initcall() into DEFINE_LSM() Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:12 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 08/29] LSM: Record LSM name in struct lsm_info Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:13 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 09/29] LSM: Provide init debugging infrastructure Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:14 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 10/29] LSM: Don't ignore initialization failures Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:14 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 11/29] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:15 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 12/29] LSM: Provide separate ordered initialization Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:17 ` John Johansen 2018-10-01 22:03 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 13/29] LoadPin: Rename "enable" to "enforce" Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:17 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 14/29] LSM: Plumb visibility into optional "enabled" state Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:18 ` John Johansen 2018-10-01 21:47 ` James Morris 2018-10-01 21:56 ` Kees Cook 2018-10-01 22:20 ` John Johansen 2018-10-01 22:29 ` Kees Cook 2018-10-01 22:53 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 15/29] LSM: Lift LSM selection out of individual LSMs Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:18 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 16/29] LSM: Prepare for arbitrary LSM enabling Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:22 ` John Johansen 2018-09-25 0:18 ` Kees Cook [this message] 2018-09-25 0:18 ` [PATCH security-next v3 17/29] LSM: Introduce CONFIG_LSM_ENABLE Kees Cook 2018-10-01 21:34 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable= Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:46 ` John Johansen 2018-10-01 22:27 ` Kees Cook 2018-10-01 22:48 ` John Johansen 2018-10-01 23:30 ` Kees Cook 2018-10-01 23:38 ` Kees Cook 2018-10-01 23:57 ` John Johansen 2018-10-01 23:44 ` John Johansen 2018-10-01 23:49 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 19/29] LSM: Prepare for reorganizing "security=" logic Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-10-01 21:47 ` John Johansen 2018-09-25 0:18 ` [PATCH security-next v3 20/29] LSM: Refactor "security=" in terms of enable/disable Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 21/29] LSM: Build ordered list of ordered LSMs for init Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 22/29] LSM: Introduce CONFIG_LSM_ORDER Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 23/29] LSM: Introduce "lsm.order=" for boottime ordering Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 24/29] LoadPin: Initialize as ordered LSM Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 25/29] Yama: " Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 26/29] LSM: Introduce enum lsm_order Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 27/29] capability: Initialize as LSM_ORDER_FIRST Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 28/29] LSM: Separate idea of "major" LSM from "exclusive" LSM Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-25 0:18 ` [PATCH security-next v3 29/29] LSM: Add all exclusive LSMs to ordered initialization Kees Cook 2018-09-25 0:18 ` Kees Cook 2018-09-28 15:55 ` [PATCH security-next v3 00/29] LSM: Explict LSM ordering Casey Schaufler 2018-09-28 15:55 ` Casey Schaufler 2018-09-28 20:01 ` Kees Cook 2018-09-28 20:01 ` Kees Cook 2018-09-28 20:25 ` Stephen Smalley 2018-09-28 20:25 ` Stephen Smalley 2018-09-28 20:33 ` Stephen Smalley 2018-09-28 20:33 ` Stephen Smalley 2018-09-28 20:54 ` Kees Cook 2018-09-28 20:54 ` Kees Cook 2018-09-29 10:48 ` Tetsuo Handa 2018-09-29 10:48 ` Tetsuo Handa 2018-09-29 18:18 ` Kees Cook 2018-09-29 18:18 ` Kees Cook 2018-09-30 2:36 ` Tetsuo Handa 2018-09-30 2:36 ` Tetsuo Handa 2018-09-30 16:57 ` Kees Cook 2018-09-30 16:57 ` Kees Cook 2018-09-29 18:19 ` John Johansen 2018-09-29 18:19 ` John Johansen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180925001832.18322-18-keescook@chromium.org \ --to=keescook@chromium.org \ --cc=casey.schaufler@intel.com \ --cc=casey@schaufler-ca.com \ --cc=corbet@lwn.net \ --cc=jmorris@namei.org \ --cc=john.johansen@canonical.com \ --cc=linux-arch@vger.kernel.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=paul@paul-moore.com \ --cc=penguin-kernel@i-love.sakura.ne.jp \ --cc=sds@tycho.nsa.gov \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.