Subject: Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization
To: Kees Cook
Cc: James Morris, John Johansen, Tetsuo Handa, Paul Moore, Stephen Smalley, "Schaufler, Casey", LSM, Jonathan Corbet, "open list:DOCUMENTATION", linux-arch, LKML
References: <20180920162338.21060-1-keescook@chromium.org> <20180920162338.21060-27-keescook@chromium.org>
From: Casey Schaufler
Message-ID: <7d2cc28b-aee5-ee91-9362-f92f8ca30adc@schaufler-ca.com>
Date: Thu, 20 Sep 2018 18:10:03 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

On 9/20/2018 5:45 PM, Kees Cook wrote:
> On Thu, Sep 20, 2018 at 5:25 PM, Casey Schaufler wrote:
>> On 9/20/2018 9:23 AM, Kees Cook wrote:
>>> config LSM_ORDER
>>> string "Default initialization order of builtin LSMs"
>>> - default "yama,loadpin,integrity"
>>> + default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor"
>> If I want to compile all the major modules into my kernel and use
>> AppArmor by default, would I use
>>
>> default "yama,loadpin,integrity,apparmor,selinux,smack,tomoyo"
>>
>> or
>>
>> default "yama,loadpin,integrity,apparmor"
> I was expecting the former, but the latter will have the same result.
>
>> When we have "blob-sharing" how could I compile in tomoyo,
>> but exclude it without a boot line option?
> Ooh, yes, this series has no way to do that. Perhaps
> CONFIG_LSM_DISABLE in the same form as CONFIG_LSM_ORDER? I would
> totally remove LoadPin's CONFIG for this in favor of it.

I would generally prefer an optional CONFIG_LSM_ENABLE to
CONFIG_LSM_DISABLE, but I understand the logic behind your approach.
I would be looking for something like

	CONFIG LSM_ENABLE
		string "Default set of enabled LSMs"
		default ""

as opposed to

	CONFIG LSM_DISABLE
		string "Default set of disabled LSMs"
		default ""

where an empty string is interpreted as "use 'em all" in either case.

>> When we have full stacking, how could I compile in selinux
>> but exclude it?
> Yup, same problem. Same suggested solution?
>
> Should lsm.enable/disable= also become a comma-separated list, or
> should I leave it as a multi-instance thing like I have it?

I prefer the multi-instance

	lsm.disable=selinux lsm.disable=yama

to the list

	lsm.disable=selinux,yama

but at this point I don't really care all that much.
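Review bot: the new LSM_ORDER default names every exclusive LSM, but nothing in the hunk documents what leaving a builtin LSM out of the string means, or which of several exclusive LSMs named in it becomes active. The reply establishes that "yama,loadpin,integrity,apparmor" gives the same result as the full list with apparmor first, and that omitting tomoyo from the string does not exclude it from the kernel; the Kconfig help text (not in the hunk) should state both rules, that an unlisted builtin is still initialized and that the first exclusive LSM in the effective order is the one enabled, since a user reading only the string will otherwise expect omission to mean exclusion.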
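The ordering rules the thread discusses (the first exclusive LSM in the effective order wins, an LSM left out of CONFIG_LSM_ORDER is still built in and initialized, and a disable list removes entries), as an added C model that is not code from the patch series or from the kernel. The builtin table, the `consider` and `effective_order` helpers, and the rule that unnamed modules are appended in table order are assumptions made for this example.

```c
#include <string.h>
/* Constructed table of the builtin LSMs named in the thread; exclusive=1
 * marks the major modules, of which only one can become active. */
struct lsm_info { const char *name; int exclusive; };
static const struct lsm_info builtin_lsms[] = {
    {"yama", 0}, {"loadpin", 0}, {"integrity", 0},
    {"selinux", 1}, {"smack", 1}, {"tomoyo", 1}, {"apparmor", 1},
};
#define NLSM (int)(sizeof(builtin_lsms) / sizeof(builtin_lsms[0]))
/* True if `name` is an element of the comma-separated string `list`. */
static int in_list(const char *list, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = list; p && *p; ) {
        const char *q = strchr(p, ',');
        size_t len = q ? (size_t)(q - p) : strlen(p);
        if (len == n && !strncmp(p, name, n)) return 1;
        p = q ? q + 1 : NULL;
    }
    return 0;
}
/* Append l to out[] unless it is disabled or would be a second exclusive LSM. */
static void consider(const struct lsm_info *l, const char *disable,
                     const char **out, int *count, int *have_exclusive)
{
    if (in_list(disable, l->name) || (l->exclusive && *have_exclusive))
        return;
    *have_exclusive |= l->exclusive;
    out[(*count)++] = l->name;
}
/* Effective init order as modelled from the thread (assumed, not kernel code):
 * LSMs named in `order` first, then unnamed builtins in table order, minus
 * the `disable` list, keeping only the first exclusive LSM. Returns count. */
static int effective_order(const char *order, const char *disable, const char **out)
{
    int count = 0, have_exclusive = 0, i;
    for (const char *p = order; p && *p; ) {            /* pass 1: named */
        const char *q = strchr(p, ',');
        size_t len = q ? (size_t)(q - p) : strlen(p);
        for (i = 0; i < NLSM; i++)
            if (strlen(builtin_lsms[i].name) == len && !strncmp(builtin_lsms[i].name, p, len))
                consider(&builtin_lsms[i], disable, out, &count, &have_exclusive);
        p = q ? q + 1 : NULL;
    }
    for (i = 0; i < NLSM; i++)                          /* pass 2: unnamed */
        if (!in_list(order, builtin_lsms[i].name))
            consider(&builtin_lsms[i], disable, out, &count, &have_exclusive);
    return count;
}
```

With an empty disable string, both strings from the thread yield yama, loadpin, integrity, apparmor, which is the "same result" Kees describes; disabling selinux then makes smack the active major module.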