Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1818823imm; Tue, 2 Oct 2018 14:39:51 -0700 (PDT) X-Google-Smtp-Source: ACcGV61sEl1LobtktShkFVgDdr1VBvXq6sVKv01Tw30ROSB4VQ7aez2r93E1P1SpYKox77eCGk+f X-Received: by 2002:a62:9c4a:: with SMTP id f71-v6mr12986416pfe.135.1538516390981; Tue, 02 Oct 2018 14:39:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538516390; cv=none; d=google.com; s=arc-20160816; b=RIvFHUT94ONgFXo9u2+rJuGL3VOfhthNUOPQKjGhgT6XjS5kTPN8dDA9GPd9rRHokj Y9aXzqj1uLpSA+jCAR79rMRn1F/O857zOPnrzutN9roFczjxm70yAzHKLB3KzCfkeq1X frvyAEmphaqhUOg46DZdO6m7VWG3f3tl7sYNqNfJM8k+l8FhT4+oUdK38eTCENG2UGR7 nioTbQaqDb7xi8wSN2Zi8lSP8lFOeMJb9mg85hUwEcT/ymj9+XazXeXBbplSeRUKb+Jr 5OTb2EWbZIy3yMckzvIN2NYDd+dVFhag7TOQzihMaBYir4rn9+XRRPUg4o+ziOY4lcHN EXzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=9U346hGaAvFdwuDfRtVfUPZUdxyBrP9tyHzIfWdZO6U=; b=mlqQKRdKndnGhMcCqUvpqu8gZj2AYAZNCmVRApzADJkaoPou1K+PCd/6s6eT7bF5Xu qJKUtAejWPvPs2AlJ0T/cfNOFCUfjgRCzAdbhFerPFMHelxDtwCjrqmJ8TNxJ20DOsVY or6mh8tWqeoV4XuXGNGIeFUUfeokSuJ7/JQitJx9i1pZb4m7JbaD5euu998OT0CvqAQA PCPzoh3S/Gfpn9I8QNMB6ssFJG8s2Ujj9UW8ELijlvwj4ds8/gkUaoKrwHqMnrhWZ7Gd hiNU+Jloj1GThpqvO+Wm9HBtpaaPBDCbwdC5X/UlQ8GckntNME29DQmC9Z9YHHdH8DVm LbOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NMiT4lOj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q15-v6si10808118pgg.477.2018.10.02.14.39.36; Tue, 02 Oct 2018 14:39:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NMiT4lOj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728653AbeJCEXf (ORCPT + 99 others); Wed, 3 Oct 2018 00:23:35 -0400 Received: from mail-yb1-f193.google.com ([209.85.219.193]:44525 "EHLO mail-yb1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727416AbeJCEXf (ORCPT ); Wed, 3 Oct 2018 00:23:35 -0400 Received: by mail-yb1-f193.google.com with SMTP id x5-v6so1464410ybl.11 for ; Tue, 02 Oct 2018 14:38:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9U346hGaAvFdwuDfRtVfUPZUdxyBrP9tyHzIfWdZO6U=; b=NMiT4lOj6R7864F2apfpBwr9YrJZaHu1v1M1lJlUKGQGxn8IVg/nvC8ctMgg6veLuF TfU1+CDk3xeswoLTq4PSmrhqYLUfgDrne/W3SjpfDwdx7RRopnP5AaDiMGEWdTu1gDp6 CNVyunL879b84Grv/g2tsu+HPjc6gEQsw7FJk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9U346hGaAvFdwuDfRtVfUPZUdxyBrP9tyHzIfWdZO6U=; b=geN2Sy2/zSWwkXvH6o2L3peECd5xGVuV0QxAm4xodIL9KiQJ4in2cD/n1zBQSUZX7/ BRCy4AGQDBVSaw+oY0wEnVivisd9g1axWITJ1poBVmoB8+0kVnz+Z+iNw75BOkt3E2kN iAX/Shj8Vkqkmd/H2YNrfFMaAp/E7TrfoAnl62Th8zUZNHSEoAN4HslCspkqSudr4OnU dxRcOk6VK6DNSmKwgHvTq4sAtYbK4SsyO+35W8kzlaPBbG7rRwsygNP/BlfoQhPXyvPa kj+hP4n+sFxxWfKcoumvbhXptqXprJ96mWutrVZCpeD4rxNX6oRjq5zE9461Y17qh7uX ae/w== X-Gm-Message-State: ABuFfoidrF9UFnQ74x6oxZR+hS6BUuTaVARA+OWPwTX5RCAwfmMqCeQ3 X7RSMUtL85GvBs00ssPVmWaW9+AnGJs= X-Received: by 2002:a25:3292:: with SMTP id y140-v6mr1670270yby.238.1538516291194; Tue, 02 Oct 2018 14:38:11 -0700 (PDT) Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com. [209.85.219.178]) by smtp.gmail.com with ESMTPSA id f63-v6sm4473104ywc.21.2018.10.02.14.38.06 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Oct 2018 14:38:07 -0700 (PDT) Received: by mail-yb1-f178.google.com with SMTP id 184-v6so1486156ybg.1 for ; Tue, 02 Oct 2018 14:38:06 -0700 (PDT) X-Received: by 2002:a25:2395:: with SMTP id j143-v6mr1547958ybj.137.1538516286591; Tue, 02 Oct 2018 14:38:06 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:d116:0:0:0:0:0 with HTTP; Tue, 2 Oct 2018 14:38:05 -0700 (PDT) In-Reply-To: References: <20181002005505.6112-1-keescook@chromium.org> <20181002005505.6112-11-keescook@chromium.org> From: Kees Cook Date: Tue, 2 Oct 2018 14:38:05 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH security-next v4 10/32] LSM: Don't ignore initialization failures To: James Morris Cc: Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , Jonathan Corbet , "open list:DOCUMENTATION" , linux-arch , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 2, 2018 at 2:20 PM, James Morris wrote: > On Mon, 1 Oct 2018, Kees Cook wrote: > >> LSM initialization failures have traditionally been ignored. We should >> at least WARN when something goes wrong. > > I guess we could have a boot param which specifies what to do if any LSM > fails to init, as I think some folks will want to stop execution at that > point. > > Thoughts? I'm not opposed, but I won't author it because Linus will yell at me about introducing a "machine killing" option. -Kees -- Kees Cook Pixel Security