2006-12-30 15:49:34

by Daniel Walker

[permalink] [raw]
Subject: [PATCH -rt] panic on SLIM + selinux

If you have both SLIM and selinux compiled into your kernel selinux will panic
if it can't register itself. The code below,

if (register_security (&selinux_ops))
panic("SELinux: Unable to register with kernel.\n");

"security/selinux/hooks.c" 5014 lines --95%-- 4811,35 96%

This could be a bug report cause I bet there's a better way to make these mutually
exclusive.

Signed-Off-By: Daniel Walker <[email protected]>

---
security/slim/Kconfig | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6.19/security/slim/Kconfig
===================================================================
--- linux-2.6.19.orig/security/slim/Kconfig
+++ linux-2.6.19/security/slim/Kconfig
@@ -1,6 +1,6 @@
config SECURITY_SLIM
boolean "SLIM support"
- depends on SECURITY && SECURITY_NETWORK && INTEGRITY
+ depends on SECURITY && SECURITY_NETWORK && INTEGRITY && !SECURITY_SELINUX
help
The Simple Linux Integrity Module implements a modified low water-mark
mandatory access control integrity model.
--


2006-12-30 15:54:17

by Daniel Walker

[permalink] [raw]
Subject: Should be [PATCH -mm] -- Re: [PATCH -rt] panic on SLIM + selinux


Sorry, really for -mm .

On Sat, 2006-12-30 at 07:48 -0800, Daniel Walker wrote:
> If you have both SLIM and selinux compiled into your kernel selinux will panic
> if it can't register itself. The code below,
>
> if (register_security (&selinux_ops))
> panic("SELinux: Unable to register with kernel.\n");
>
> "security/selinux/hooks.c" 5014 lines --95%-- 4811,35 96%
>
> This could be a bug report cause I bet there's a better way to make these mutually
> exclusive.
>
> Signed-Off-By: Daniel Walker <[email protected]>
>
> ---
> security/slim/Kconfig | 2 +-
> 1 files changed, 1 insertion(+), 1 deletion(-)
>
> Index: linux-2.6.19/security/slim/Kconfig
> ===================================================================
> --- linux-2.6.19.orig/security/slim/Kconfig
> +++ linux-2.6.19/security/slim/Kconfig
> @@ -1,6 +1,6 @@
> config SECURITY_SLIM
> boolean "SLIM support"
> - depends on SECURITY && SECURITY_NETWORK && INTEGRITY
> + depends on SECURITY && SECURITY_NETWORK && INTEGRITY && !SECURITY_SELINUX
> help
> The Simple Linux Integrity Module implements a modified low water-mark
> mandatory access control integrity model.
> --
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

2007-01-02 18:05:31

by Mimi Zohar

[permalink] [raw]
Subject: Re: Should be [PATCH -mm] -- Re: [PATCH -rt] panic on SLIM + selinux

Being able to compile both SELinux and SLIM into the kernel was done
intentionally. The kernel parameters 'selinux' and 'slim' can enable
or disable the LSM module at boot. Perhaps, for the time being, the
SECURITY_SLIM_BOOTPARAM_VALUE should default to 0.

Mimi

2007-01-02 19:02:17

by Daniel Walker

[permalink] [raw]
Subject: Re: Should be [PATCH -mm] -- Re: [PATCH -rt] panic on SLIM + selinux

On Tue, 2007-01-02 at 13:05 -0500, Mimi Zohar wrote:
> Being able to compile both SELinux and SLIM into the kernel was done
> intentionally. The kernel parameters 'selinux' and 'slim' can enable
> or disable the LSM module at boot. Perhaps, for the time being, the
> SECURITY_SLIM_BOOTPARAM_VALUE should default to 0.

They currently don't play nice together, i.e. the kernel panics with
both compiled in together and default settings. So something needs to
change..

Daniel

2007-01-02 21:40:35

by Serge E. Hallyn

[permalink] [raw]
Subject: Re: Should be [PATCH -mm] -- Re: [PATCH -rt] panic on SLIM + selinux

Quoting Mimi Zohar ([email protected]):
> Being able to compile both SELinux and SLIM into the kernel was done
> intentionally.

Intentionally so that you can switch back and forth for testing?

> The kernel parameters 'selinux' and 'slim' can enable
> or disable the LSM module at boot. Perhaps, for the time being, the
> SECURITY_SLIM_BOOTPARAM_VALUE should default to 0.

That should solve the problem for most people. People wanting to
test with slim will still have to specify 'selinux=0' or get the
boot failure. But I suspect that having selinux automatically
not load when slim is loaded will be considered too unsafe?

Mimi, what about moving slim down below selinux in the Makefile,
and having slim refuse to load if security_ops is not an _ops you
know about (i.e. dummy_ops or capability_ops)? Then you can leave
SECURITY_SLIM_BOOTPARAM_VALUE as 1, and users just have to say
'selinux=0' to boot slim? Just a thought, maybe less intuitive...

-serge