From: Matthew Garrett
Date: Tue, 29 Aug 2017 13:22:59 -0700
Subject: Re: Allow automatic kernel taint on unsigned module load to be disabled
To: Jessica Yu
Cc: linux-kernel@vger.kernel.org, Rusty Russell, ben@decadent.org.uk

On Tue, Aug 29, 2017 at 10:56 AM, Jessica Yu wrote:
> I understand what the patch is doing, what I don't yet understand is
> _why_ you would want to remove the unsigned module taint when
> CONFIG_MODULE_SIG is enabled. Which distributions are asking for this
> exactly, and for what use cases? I find it a bit contradictory to have
> CONFIG_MODULE_SIG enabled and at the same time expect the kernel to
> behave as if the option wasn't enabled.

Debian disable CONFIG_MODULE_SIG because of this additional taint (I've
Cc:ed Ben who made this change).

> I would really prefer not to add extra code to remove what is cosmetic
> and still has informational/debug value. If the unsigned module taint
> is for whatever reason that bothersome, why can't distro(s) carry a
> 2-line patch removing the message and taint for those particular
> setups where signatures are considered "irrelevant" even with
> CONFIG_MODULE_SIG=y?

If it's functionality that distributions want to patch out, it makes
sense to provide them with a config option rather than forcing them to
maintain a patch separately.