In-Reply-To: <785ef6a9-ae46-3533-0348-74bcf6f10928@tycho.nsa.gov>
References: <20181002005505.6112-1-keescook@chromium.org>
 <20181002005505.6112-24-keescook@chromium.org>
 <785ef6a9-ae46-3533-0348-74bcf6f10928@tycho.nsa.gov>
From: Kees Cook
Date: Tue, 2 Oct 2018 07:44:05 -0700
Subject: Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter
To: Stephen Smalley
Cc: Paul Moore, James Morris, Casey Schaufler, John Johansen, Tetsuo Handa,
 "Schaufler, Casey", linux-security-module, Jonathan Corbet,
 "open list:DOCUMENTATION", linux-arch, LKML
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Oct 2, 2018 at 6:42 AM, Stephen Smalley wrote:
> On 10/02/2018 08:12 AM, Paul Moore wrote:
>>
>> On Mon, Oct 1, 2018 at 9:04 PM Kees Cook wrote:
>>>
>>> Since LSM enabling is now centralized with CONFIG_LSM_ENABLE and
>>> "lsm.enable=...", this removes the LSM-specific enabling logic from
>>> SELinux.
>>>
>>> Signed-off-by: Kees Cook
>>> ---
>>> .../admin-guide/kernel-parameters.txt | 9 ------
>>> security/selinux/Kconfig | 29 -------------------
>>> security/selinux/hooks.c | 15 +---------
>>> 3 files changed, 1 insertion(+), 52 deletions(-)
>>>
>>> diff --git a/Documentation/admin-guide/kernel-parameters.txt
>>> b/Documentation/admin-guide/kernel-parameters.txt
>>> index cf963febebb0..0d10ab3d020e 100644
>>> --- a/Documentation/admin-guide/kernel-parameters.txt
>>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>>> @@ -4045,15 +4045,6 @@
>>> loaded. An invalid security module name will be
>>> treated
>>> as if no module has been chosen.
>>>
>>> - selinux= [SELINUX] Disable or enable SELinux at boot time.
>>> - Format: { "0" | "1" }
>>> - See security/selinux/Kconfig help text.
>>> - 0 -- disable.
>>> - 1 -- enable.
>>> - Default value is set via kernel config option.
>>> - If enabled at boot time, /selinux/disable can be
>>> used
>>> - later to disable prior to initial policy load.
>>
>>
>> No comments yet on the rest of the patchset, but the subject line of
>> this patch caught my eye and I wanted to comment quickly on this one
>> ...
>>
>> Not a fan unfortunately.
>>
>> Much like the SELinux bits under /proc/self/attr, this is a user
>> visible thing which has made its way into a lot of docs, scripts, and
>> minds; I believe removing it would be a big mistake.
>
>
> Yes, we can't suddenly break existing systems that had selinux=0 in their
> grub config. We have to retain the support.

Is it okay to only support selinux=0 (instead of also selinux=1)?

-Kees

--
Kees Cook
Pixel Security
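Review bot: the kernel-parameters.txt hunk deletes the selinux= entry without telling readers what replaced it. The commit message says enabling now lives in lsm.enable=, so the lsm.enable= text just above the removed block should state that selinux= is the old spelling, and if only selinux=0 is retained as a compatibility alias (as the follow-up question in this thread proposes), document exactly that subset rather than leaving the parameter undocumented while it still parses. The removed lines are also this file's only mention that /selinux/disable can be used before the initial policy load; the security/selinux/hooks.c part of the change is not quoted here, so if that runtime path survives, its documentation should not disappear together with the boot parameter.

As an added illustration of the compatibility question raised at the end of this message (keep selinux=0 working while lsm.enable= becomes the real switch), here is a small userspace C model. It is not kernel code and not part of this thread or the patch series; the token parser (space-separated key=value, no quoting), the precedence rules and the enabled_by_config parameter standing in for CONFIG_LSM_ENABLE are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Outcome of evaluating the boot command line for the SELinux module. */
enum lsm_state { LSM_DISABLED = 0, LSM_ENABLED = 1 };

/* True if `name` is one of the comma-separated items in list[0..len). */
static bool list_contains(const char *list, size_t len, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = list, *end = list + len;

    while (p < end) {
        const char *comma = memchr(p, ',', (size_t)(end - p));
        size_t ilen = comma ? (size_t)(comma - p) : (size_t)(end - p);

        if (ilen == nlen && memcmp(p, name, nlen) == 0)
            return true;
        p += ilen + 1;            /* skip the item and its comma */
    }
    return false;
}

/* True if the token tok[0..eq) is exactly the parameter name `key`. */
static bool key_is(const char *tok, const char *eq, const char *key)
{
    size_t klen = strlen(key);
    return (size_t)(eq - tok) == klen && memcmp(tok, key, klen) == 0;
}

/*
 * Decide whether SELinux comes up enabled. Assumed rules (example only):
 *   - "lsm.enable=a,b" turns on every listed module.
 *   - "selinux=0" is a legacy alias that disables SELinux even if
 *     lsm.enable= lists it: that is what existing grub configs expect.
 *   - "selinux=1" is accepted for compatibility but changes nothing.
 *   - For selinux= the last occurrence wins, as on the real command line.
 * enabled_by_config stands in for the Kconfig default (CONFIG_LSM_ENABLE);
 * legacy_seen, if non-NULL, is set to 1 when selinux= was used at all, so a
 * caller could print a deprecation warning.
 */
int selinux_boot_state(const char *cmdline, bool enabled_by_config, int *legacy_seen)
{
    bool enabled = enabled_by_config;
    bool legacy_disable = false;
    const char *p = cmdline;

    if (legacy_seen)
        *legacy_seen = 0;

    while (*p) {
        const char *tok, *eq, *val;
        size_t tlen, vlen;

        while (*p == ' ')
            p++;
        if (!*p)
            break;
        tok = p;
        while (*p && *p != ' ')
            p++;
        tlen = (size_t)(p - tok);

        eq = memchr(tok, '=', tlen);
        if (!eq)
            continue;             /* bare flags such as "quiet" or "ro" */
        val = eq + 1;
        vlen = tlen - (size_t)(val - tok);

        if (key_is(tok, eq, "lsm.enable")) {
            if (list_contains(val, vlen, "selinux"))
                enabled = true;
        } else if (key_is(tok, eq, "selinux")) {
            if (legacy_seen)
                *legacy_seen = 1;
            /* only "0" disables; "1" (or anything else) is a no-op */
            legacy_disable = (vlen == 1 && val[0] == '0');
        }
    }

    return (enabled && !legacy_disable) ? LSM_ENABLED : LSM_DISABLED;
}

/* Did the command line use the legacy selinux= switch at all? */
int selinux_legacy_param_used(const char *cmdline)
{
    int seen;

    selinux_boot_state(cmdline, true, &seen);
    return seen;
}

int main(void)
{
    /* constructed sample command lines, not taken from any real boot */
    const char *samples[] = {
        "ro quiet lsm.enable=apparmor,selinux",
        "ro quiet selinux=0 lsm.enable=selinux",
        "ro quiet selinux=1",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int legacy;
        int st = selinux_boot_state(samples[i], false, &legacy);

        printf("%-40s -> selinux %s%s\n", samples[i],
               st == LSM_ENABLED ? "enabled" : "disabled",
               legacy ? " (legacy selinux= used)" : "");
    }
    return 0;
}
```

The asymmetry is deliberate: selinux=0 must keep winning because that is the value sitting in deployed boot configs, while selinux=1 can safely become a no-op since enabling is decided by lsm.enable= or the build default.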