Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4616958imm; Mon, 17 Sep 2018 18:00:46 -0700 (PDT) X-Google-Smtp-Source: ANB0VdagvLdLPOEvJspShmboHeWYVi44UJCboPslB4AUqKJWgoXoEhS41ePL0m1ghnW3Vo2PpW9C X-Received: by 2002:a62:a05:: with SMTP id s5-v6mr28584986pfi.147.1537232446414; Mon, 17 Sep 2018 18:00:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537232446; cv=none; d=google.com; s=arc-20160816; b=D9rFyZGMGi+Ti+QcXn2v/gNJj70qnaSS/n84/GPm3ty0o2Nn43RqELC2+xvtQPtbe9 bInVosY3H8wh3OKFI/O0jzxRP7uzkJzbRQeOPZlv6xpF/za0G4Wact2UBM1/bu14CVNC /1IXuQWS1FmO2N9VEmdKMYnJF7zKiglPE3A905p9R72ImQ3ama6eUkvOUmJagPO+sj1n wFkYZEn3ZIiXIT96NRxO23nGIPodybDn14bJiihFZdspBFDCh1YBurXIuIY98oHtnkqA zs+LeIal/m9cdJ8xb73Bc2HMXQxgNMohyd/0uPzhaYnLiKWgjw7w0sJ+Fe14C+syp73/ GY/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=lTWFAxInNwFKnRQOBaghMH/Cz2nNHM8DY0LKUL1ybc8=; b=wtXoQsEJ6mTLERolzVhBLWg30+h/2bomEaXTV4XZTIWeUg9vvsAgnuPYhlV+3fJvov gO2akYTwNR1WKWZEI/RVgPRpLfUUsaknoiDn7s+vqEcvNwYozXpu8nlXnE6QgTDO1efD V/s3YNa3MG08jUEc4iszS7gxdw6+YwiI5wkY17Q03yb9Rc8gEeTUoJyaqUDe+A2Q1J8F I1WcDPRzZld4kxD8TIg+UYBunSmepBR8xAj2XNx9GlNU0MvPQmHJUW9ojzQPoBGnbN11 V5PnWh7F+1kQixgSokf7QU508JTqd7rHGulqNd9D4uR9WRJEN1O8vy2YL7+2dUftzEij TnvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=dYapqbIf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10-v6si16262033pfe.173.2018.09.17.18.00.31; Mon, 17 Sep 2018 18:00:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=dYapqbIf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729010AbeIRG3g (ORCPT + 99 others); Tue, 18 Sep 2018 02:29:36 -0400 Received: from mail-yb1-f176.google.com ([209.85.219.176]:44072 "EHLO mail-yb1-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726987AbeIRG3g (ORCPT ); Tue, 18 Sep 2018 02:29:36 -0400 Received: by mail-yb1-f176.google.com with SMTP id s8-v6so95966ybo.11 for ; Mon, 17 Sep 2018 17:59:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lTWFAxInNwFKnRQOBaghMH/Cz2nNHM8DY0LKUL1ybc8=; b=dYapqbIfyju5fCL/MvE/O8tHAuRZ0UtK5h09clmHzvdNeWioJt4SO4fMb80Ywemos2 QmMBIJIDywV41vX+sTSpJ1A8Lcj+KBEQkAJIs17R7qVFDHEL1zq0GsaTK3hrqLAqqIm1 ICx/Le8I+szGldRSvEb9HmhhOL5SpEITrs2/E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lTWFAxInNwFKnRQOBaghMH/Cz2nNHM8DY0LKUL1ybc8=; b=ObXoAfpQXeiQxcQT3+Yd7NwdHWvZwEgkC2D87IFged0rhpnjOTBxlaqA5VBNY9GCxD N/yOFRRmo8Te/CP+inG3JsA3hLslL6yrPymX9ob+MMHLyMjmQQ1bHXGjzF/0bPYNsRjl ROWn3xHLDIdC4DAW/eMLB3IRFtEjIliV/GGrChSwXGObBe1uho6kOynZn2l9IASl5R5R /w1+w3XJFAi0g+yXsc5PVAYDr8RLucIjzP0BQ9MCDQciNBkaE/XJ3YrvXmkpv//AZVkn 4kqXbBiZb9mIt3dmkEylRhtOX+FNs7WPtbrDclIuuXD/T+QORyk7txloheJbjIo+q7U0 3rGg== X-Gm-Message-State: APzg51BSg5qFXroGuPXa7HwsppioHUIFvrdXj33tUf/2SeYGKmfwaKPD 154X0Nhh5hB/O5nVGdkYvPt2zzeCRzk= X-Received: by 2002:a25:af52:: with SMTP id c18-v6mr1784191ybj.375.1537232378892; Mon, 17 Sep 2018 17:59:38 -0700 (PDT) Received: from mail-yw1-f45.google.com (mail-yw1-f45.google.com. [209.85.161.45]) by smtp.gmail.com with ESMTPSA id r84-v6sm1176061ywe.10.2018.09.17.17.59.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Sep 2018 17:59:38 -0700 (PDT) Received: by mail-yw1-f45.google.com with SMTP id j131-v6so87218ywc.13 for ; Mon, 17 Sep 2018 17:59:37 -0700 (PDT) X-Received: by 2002:a81:9b85:: with SMTP id s127-v6mr11285411ywg.47.1537232376436; Mon, 17 Sep 2018 17:59:36 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f04:0:0:0:0:0 with HTTP; Mon, 17 Sep 2018 17:59:35 -0700 (PDT) In-Reply-To: <580f7894-14d7-c0a3-75b7-9a5f4e3af0b8@schaufler-ca.com> References: <20180916003059.1046-1-keescook@chromium.org> <20180916003059.1046-17-keescook@chromium.org> <84e1a5a8-8997-829f-cf09-1d29895a3f99@schaufler-ca.com> <35b0af5b-e37e-e192-73b5-0d0b37d9e37f@schaufler-ca.com> <8f0bd39b-29a6-325d-4558-d9f484249c22@schaufler-ca.com> <53377892-695f-6336-8574-54c7aa0a4201@schaufler-ca.com> <7ecfffc3-d2a4-3ff7-4bf5-db3029d73c59@canonical.com> <580f7894-14d7-c0a3-75b7-9a5f4e3af0b8@schaufler-ca.com> From: Kees Cook Date: Mon, 17 Sep 2018 17:59:35 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 16/18] LSM: Allow arbitrary LSM ordering To: Casey Schaufler Cc: John Johansen , James Morris , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 17, 2018 at 5:57 PM, Casey Schaufler wrote: > If I read you correctly, "first exclusive" would suit my needs just fine. > I like the notion of build time ordering because I hate using the boot > command line. Okay, excellent. I think I have enough for a v2 on this. I'll crank it out... -Kees -- Kees Cook Pixel Security