Date: Tue, 02 Oct 2018 16:33:59 +0000
From: Jordan Glover
To: Stephen Smalley
Cc: Kees Cook, Paul Moore, James Morris, Casey Schaufler, John Johansen, Tetsuo Handa, "Schaufler, Casey", linux-security-module, Jonathan Corbet, "open list:DOCUMENTATION", linux-arch, LKML
Subject: Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter
In-Reply-To: <809f1cfd-077b-ee58-51ba-b22daf46d12b@tycho.nsa.gov>
References: <20181002005505.6112-1-keescook@chromium.org> <20181002005505.6112-24-keescook@chromium.org> <785ef6a9-ae46-3533-0348-74bcf6f10928@tycho.nsa.gov> <809f1cfd-077b-ee58-51ba-b22daf46d12b@tycho.nsa.gov>
X-Mailing-List: linux-kernel@vger.kernel.org

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, October 2, 2018 4:57 PM, Stephen Smalley wrote:

> On 10/02/2018 10:44 AM, Kees Cook wrote:
>
> > On Tue, Oct 2, 2018 at 6:42 AM, Stephen Smalley sds@tycho.nsa.gov wrote:
> >
> > > On 10/02/2018 08:12 AM, Paul Moore wrote:
> > >
> > > > On Mon, Oct 1, 2018 at 9:04 PM Kees Cook keescook@chromium.org wrote:
> > > >
> > > > > Since LSM enabling is now centralized with CONFIG_LSM_ENABLE and
> > > > > "lsm.enable=...", this removes the LSM-specific enabling logic from
> > > > > SELinux.
> > > > >
> > > > > Signed-off-by: Kees Cook keescook@chromium.org
> > > > >
> > > > > -----------------------------------------------
> > > > >
> > > > > .../admin-guide/kernel-parameters.txt | 9 ------
> > > > > security/selinux/Kconfig | 29 -------------------
> > > > > security/selinux/hooks.c | 15 +---------
> > > > > 3 files changed, 1 insertion(+), 52 deletions(-)
> > > > >
> > > > > diff --git a/Documentation/admin-guide/kernel-parameters.txt
> > > > > b/Documentation/admin-guide/kernel-parameters.txt
> > > > > index cf963febebb0..0d10ab3d020e 100644
> > > > > --- a/Documentation/admin-guide/kernel-parameters.txt
> > > > > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > > > > @@ -4045,15 +4045,6 @@
> > > > >  			loaded. An invalid security module name will be treated
> > > > >  			as if no module has been chosen.
> > > > >
> > > > > -	selinux=	[SELINUX] Disable or enable SELinux at boot time.
> > > > > -			Format: { "0" | "1" }
> > > > > -			See security/selinux/Kconfig help text.
> > > > > -			0 -- disable.
> > > > > -			1 -- enable.
> > > > > -			Default value is set via kernel config option.
> > > > > -			If enabled at boot time, /selinux/disable can be
> > > > > -			used later to disable prior to initial policy load.
> > > >
> > > > No comments yet on the rest of the patchset, but the subject line of
> > > > this patch caught my eye and I wanted to comment quickly on this one
> > > > ...
> > > >
> > > > Not a fan unfortunately.
> > > >
> > > > Much like the SELinux bits under /proc/self/attr, this is a user
> > > > visible thing which has made its way into a lot of docs, scripts, and
> > > > minds; I believe removing it would be a big mistake.
> > >
> > > Yes, we can't suddenly break existing systems that had selinux=0 in their
> > > grub config. We have to retain the support.
> >
> > Is it okay to only support selinux=0 (instead of also selinux=1)?
>
> For Fedora/RHEL kernels, selinux=1 would be redundant since it is the
> default. However, in other distros where SELinux is not the default, I
> think they have documented selinux=1 as the way to enable SELinux. So
> users may be relying on that as well. I don't think we can safely drop
> support for either one. Sorry.

It's always documented as: "selinux=1 security=selinux", so security= should
still do the job and selinux=1 becomes a no-op, no?

Jordan
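Review bot: Deleting the whole `selinux=` entry from kernel-parameters.txt conflicts with the compatibility point raised in this thread: `selinux=0` in existing grub configs has to keep working, and some distributions document `selinux=1` as the way to turn SELinux on. Instead of dropping the eight `-` lines, keep the entry (`selinux=	[SELINUX] Disable or enable SELinux at boot time.` with its `Format: { "0" | "1" }` line) and add a sentence that it is a legacy switch now handled by the centralized `lsm.enable=` option; the `/selinux/disable` sentence should only go if that interface is really removed by the hooks.c part of the patch, which this hunk does not show.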
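As an added example (not code from this thread or from the kernel tree), a small POSIX sh audit that reports which of the boot-time mechanisms discussed above a kernel command line relies on: the legacy `selinux=0`/`selinux=1` switch, `security=selinux`, or the centralized `lsm.enable=`. It lets a maintainer spot boot entries that carry only `selinux=1` and would therefore change behaviour if that switch became a no-op. The function name and the output labels are my own.

```shell
#!/bin/sh
# classify_selinux_cmdline "<kernel command line>"
# Prints one label describing how SELinux is selected on that command line.
# With no argument it reads the running kernel's /proc/cmdline.
classify_selinux_cmdline() {
    cmdline=${1:-$(cat /proc/cmdline)}
    selinux_arg=""; security_arg=""; lsm_enable_arg=""
    set -f                       # no pathname expansion while splitting tokens
    for tok in $cmdline; do
        case $tok in
            selinux=*)    selinux_arg=${tok#selinux=} ;;
            security=*)   security_arg=${tok#security=} ;;
            lsm.enable=*) lsm_enable_arg=${tok#lsm.enable=} ;;
        esac
    done
    set +f
    # Legacy hard-disable: the case the thread says must keep working.
    if [ "$selinux_arg" = "0" ]; then
        echo "disabled-legacy"; return 0
    fi
    # Centralized enable list, comma separated (e.g. lsm.enable=yama,selinux).
    case ",$lsm_enable_arg," in
        *,selinux,*) echo "enabled-lsm.enable"; return 0 ;;
    esac
    # The documented "selinux=1 security=selinux" form: security= does the job.
    if [ "$security_arg" = "selinux" ]; then
        echo "enabled-security"; return 0
    fi
    # Only the legacy enable switch is present: this entry would silently
    # fall back to the build default if selinux=1 became a no-op.
    if [ "$selinux_arg" = "1" ]; then
        echo "enabled-legacy-only"; return 0
    fi
    echo "default"
}

# Constructed sample entry; prints "enabled-security".
classify_selinux_cmdline "BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet selinux=1 security=selinux"
```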