From: Tetsuo Handa
To: masanobu2.koike@toshiba.co.jp, casey@schaufler-ca.com
Cc: jmorris@namei.org, serge@hallyn.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC v2 1/2] WhiteEgret: Add WhiteEgret core functions.
Date: Sat, 3 Mar 2018 17:22:05 +0900
Message-Id: <201803031722.EDF21804.QHMOtFJOFFOLSV@I-love.SAKURA.ne.jp>
References: <20180301073830.2551-1-masanobu2.koike@toshiba.co.jp> <458a466a-78bc-80d4-4d52-64b92d39f416@schaufler-ca.com>

Masanobu Koike wrote:
> On Friday, March 02, 2018 12:43 AM, Casey Schaufler wrote:
> > On 2/28/2018 11:38 PM, Masanobu Koike wrote:
> > > @@ -264,6 +266,9 @@ choice > > > config DEFAULT_SECURITY_APPARMOR > > > bool "AppArmor" if SECURITY_APPARMOR=y > > > > > > + config DEFAULT_SECURITY_WHITEEGRET > > > + bool "WhiteEgret" if SECURITY_WHITEEGRET=y > > > +
> >
> > I don't see this module using any security blobs. Is there
> > a reason you're not making this a minor (like yama) module
> > instead of a major (like AppArmor) module?
>
> Thank you for your suggestion.
> We are now developing WhiteEgret on the environment
> it works certainly.
>

???

What Casey suggested is effectively

----------
--- a/security/whiteegret/init.c +++ b/security/whiteegret/init.c @@ -48,9 +48,6 @@ static int __init we_init(void) { int rc; - if (!security_module_enable("whiteegret")) - return 0; - security_add_hooks(we_hooks, ARRAY_SIZE(we_hooks), "whiteegret"); rc = we_specific_init();
----------

, isn't it?

Unlike Yama, adding whiteegret_add_hooks() to security_init() is not useful,
for security_init() is called too early to create securityfs entries for
WhiteEgret.

Current version uses security= parameter as a switch for enabling/disabling
WhiteEgret, doesn't it? If WhiteEgret does not use security= as a switch,
is some other switch (e.g. __setup()) expected?
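
Review bot: In the quoted "@@ -264,6 +266,9 @@ choice" hunk, the added DEFAULT_SECURITY_WHITEEGRET entry puts WhiteEgret into the same default-LSM choice as AppArmor, which only makes sense for a major module. If the module keeps no security blobs, as Casey's reply points out, drop this entry and let it register like Yama, so that enabling WhiteEgret does not compete with the LSM chosen as default. If the entry stays, the description should say why WhiteEgret has to be a major module.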
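
Review bot: In the init.c hunk (@@ -48,9 +48,6 @@, we_init()), removing the security_module_enable("whiteegret") check leaves no runtime opt-out: security_add_hooks() then runs on every boot of a kernel that has WhiteEgret built in. Replace the check with an explicit, documented switch (for example a __setup() boot parameter tested at the top of we_init()) rather than deleting it outright. Separately, the hooks are registered before we_specific_init() is called, and the lines shown do not reveal how a non-zero rc is handled; either run we_specific_init() first or state why hooks that stay live after a failed init are safe.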