Subject: Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter
From: Stephen Smalley
To: Kees Cook
Cc: Paul Moore, James Morris, Casey Schaufler, John Johansen, Tetsuo Handa, "Schaufler, Casey", linux-security-module, Jonathan Corbet, "open list:DOCUMENTATION", linux-arch, LKML
Date: Tue, 2 Oct 2018 10:58:15 -0400
Message-ID: <809f1cfd-077b-ee58-51ba-b22daf46d12b@tycho.nsa.gov>
References: <20181002005505.6112-1-keescook@chromium.org> <20181002005505.6112-24-keescook@chromium.org> <785ef6a9-ae46-3533-0348-74bcf6f10928@tycho.nsa.gov>
List-ID: linux-kernel@vger.kernel.org

On 10/02/2018 10:44 AM, Kees Cook wrote:
> On Tue, Oct 2, 2018 at 6:42 AM, Stephen Smalley wrote:
>> On 10/02/2018 08:12 AM, Paul Moore wrote:
>>>
>>> On Mon, Oct 1, 2018 at 9:04 PM Kees Cook wrote:
>>>>
>>>> Since LSM enabling is now centralized with CONFIG_LSM_ENABLE and
>>>> "lsm.enable=...", this removes the LSM-specific enabling logic from
>>>> SELinux.
>>>>
>>>> Signed-off-by: Kees Cook
>>>> ---
>>>>  .../admin-guide/kernel-parameters.txt |  9 ------
>>>>  security/selinux/Kconfig              | 29 -------------------
>>>>  security/selinux/hooks.c              | 15 +---------
>>>>  3 files changed, 1 insertion(+), 52 deletions(-)
>>>>
>>>> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
>>>> index cf963febebb0..0d10ab3d020e 100644
>>>> --- a/Documentation/admin-guide/kernel-parameters.txt
>>>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>>>> @@ -4045,15 +4045,6 @@ >>>> loaded. An invalid security module name will be >>>> treated >>>> as if no module has been chosen. >>>> >>>> - selinux= [SELINUX] Disable or enable SELinux at boot time. >>>> - Format: { "0" | "1" } >>>> - See security/selinux/Kconfig help text. >>>> - 0 -- disable. >>>> - 1 -- enable. >>>> - Default value is set via kernel config option. >>>> - If enabled at boot time, /selinux/disable can be >>>> used >>>> - later to disable prior to initial policy load.
>>>
>>>
>>> No comments yet on the rest of the patchset, but the subject line of
>>> this patch caught my eye and I wanted to comment quickly on this one
>>> ...
>>>
>>> Not a fan unfortunately.
>>>
>>> Much like the SELinux bits under /proc/self/attr, this is a user
>>> visible thing which has made its way into a lot of docs, scripts, and
>>> minds; I believe removing it would be a big mistake.
>>
>>
>> Yes, we can't suddenly break existing systems that had selinux=0 in their
>> grub config. We have to retain the support.
>
> Is it okay to only support selinux=0 (instead of also selinux=1)?

For Fedora/RHEL kernels, selinux=1 would be redundant since it is the
default. However, in other distros where SELinux is not the default, I
think they have documented selinux=1 as the way to enable SELinux. So
users may be relying on that as well. I don't think we can safely drop
support for either one. Sorry.
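Review bot: the kernel-parameters.txt hunk deletes the `selinux=` entry outright, but nothing in the removed nine lines or in the commit text tells a reader who has `selinux=0` or `selinux=1` in a boot configuration what the `lsm.enable=` equivalent is. Keep the entry and mark it deprecated, with the replacement spelling given in the same place (for example retain `- selinux= [SELINUX] Disable or enable SELinux at boot time.` followed by a note that the LSM-wide `lsm.enable=` list now controls this), rather than dropping the documentation while existing systems still carry the parameter. The removed line `- If enabled at boot time, /selinux/disable can be used later to disable prior to initial policy load.` is also the only place this entry documents the runtime disable path, so that sentence should survive under whichever parameter is documented. Only the documentation hunk is quoted here; the diffstat lists 29 lines in security/selinux/Kconfig and 15 in security/selinux/hooks.c that this reply does not show, so whether the old parameter is silently ignored or mapped cannot be checked from this message.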
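To make the compatibility concern in this thread concrete, the following Python is an added illustration written for this page; it is not code from Kees Cook's patch nor from the kernel. It models the boot-time enable decision for SELinux from a kernel command line under two regimes: the documented legacy `selinux={0|1}` handling, and the post-patch behaviour where `selinux=` is no longer recognised and is silently ignored. The syntax assumed for `lsm.enable=` (a comma-separated list of LSM names) and the last-occurrence-wins rule are assumptions for the model, not taken from the quoted patch. The sample boot lines are constructed.

```python
"""Model of the SELinux boot-time enable decision from a kernel command line.

Added example, not code from the patch or from the kernel. It exists to show
what happens to existing boot configurations when the legacy ``selinux=``
parameter stops being honoured. Assumptions (not taken from the page):
``lsm.enable=`` takes a comma-separated list of LSM names, and for every
parameter a later occurrence on the command line wins over an earlier one.
"""
import shlex


def parse_cmdline(cmdline):
    """Split a kernel command line into an ordered list of (key, value) pairs.

    Bare words such as ``quiet`` get the value None; shlex honours quoting.
    """
    pairs = []
    for token in shlex.split(cmdline):
        key, sep, value = token.partition("=")
        pairs.append((key, value if sep else None))
    return pairs


def selinux_enabled(cmdline, config_default=True, honour_legacy=True):
    """Decide whether SELinux is enabled at boot.

    config_default: the compile-time default (what the kernel config chose).
    honour_legacy:  True keeps the documented ``selinux={0|1}`` handling;
                    False models the patch, under which ``selinux=`` is no
                    longer recognised and is silently ignored.
    Returns (enabled, reason, ignored) where ``ignored`` lists parameters
    that had no effect, so an admin can spot a stale ``selinux=0``.
    """
    enabled = config_default
    reason = "kernel config default"
    ignored = []
    for key, value in parse_cmdline(cmdline):
        if key == "selinux":
            # Documented format is {"0" | "1"}; anything else is invalid.
            if not honour_legacy or value not in ("0", "1"):
                ignored.append(f"selinux={value}")
                continue
            enabled = value == "1"
            reason = f"selinux={value}"
        elif key == "lsm.enable":
            # Assumed syntax: comma-separated list of LSMs to enable.
            names = {n.strip() for n in (value or "").split(",") if n.strip()}
            enabled = "selinux" in names
            reason = f"lsm.enable={value}"
    return enabled, reason, ignored


def breaks_on_removal(cmdline, config_default=True):
    """True if dropping ``selinux=`` changes the effective state for this line."""
    before, _, _ = selinux_enabled(cmdline, config_default, honour_legacy=True)
    after, _, _ = selinux_enabled(cmdline, config_default, honour_legacy=False)
    return before != after


# Constructed sample boot lines, each paired with the distro's compile-time default.
SAMPLE_BOOT_LINES = [
    ("root=/dev/sda1 ro quiet selinux=0", True),      # SELinux-by-default distro, admin opted out
    ("root=/dev/sda1 ro quiet selinux=1", True),      # redundant on such a distro
    ("root=/dev/sda1 ro quiet selinux=1", False),     # distro where SELinux is off by default
    ("root=/dev/sda1 ro lsm.enable=selinux", False),  # already migrated to the new syntax
]


def compatibility_report(samples=SAMPLE_BOOT_LINES):
    """Return (cmdline, config_default, breaks) for each sample boot line."""
    return [(line, default, breaks_on_removal(line, default))
            for line, default in samples]


if __name__ == "__main__":
    for line, default, breaks in compatibility_report():
        state, why, ignored = selinux_enabled(line, default, honour_legacy=False)
        print(f"{'BREAKS' if breaks else 'ok    '} {line!r} default={default} "
              f"-> enabled={state} ({why}) ignored={ignored}")
```

Run as a script, the report flags the two cases the thread is worried about: `selinux=0` on a distro that enables SELinux by default, and `selinux=1` on a distro that does not; in both, silently ignoring the parameter flips the effective state relative to what the administrator configured. The `ignored` list is the piece a kernel or a boot-configuration linter would want to surface rather than swallow.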