Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp320827imm; Wed, 3 Oct 2018 17:04:25 -0700 (PDT) X-Google-Smtp-Source: ACcGV60E68ggxvqLpuifpMM7VAdpoTA2PhhISwCFzzrw48ZA4gQMiHU7dayw7FgETh/g3Q4Y5cvs X-Received: by 2002:a17:902:5a89:: with SMTP id r9-v6mr3889710pli.95.1538611465377; Wed, 03 Oct 2018 17:04:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538611465; cv=none; d=google.com; s=arc-20160816; b=nkObtvHZiMb0Qjxkfu6eWjwD+OXpoBsr+5s2cgr8Rr2Mt7nFOWxkl2wbWAfBEkV9HQ bzFhuYiarsjnXcra+g6C1ntnPomJVGLC0R7w8ybkq1zr35hyh0ODjpxr8NOWnxzAi0jx nvHLhD7zOqHUZ5x3owEy8P2XsDwxnjgq9GFrQhZk0eMMV/gzXaRP/Op/ry41mxd49Nxw BWXZ5e0le4aJRNAN+V4lBL2xnsjJxaSxIq2gaQGaRQWgF81ehL3XHw32SwMb+OoJW4t5 rXscWxTsaLT5AT6SC7QAveJARSGCnGvXM0csFmm0D+SdHq8R181q9PKqiAWg6Asb4GIK Ilbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=bmL0ZyPC0ChRPdmL9WJ4CMlC25RswfvQYlntOSokPnQ=; b=QWixrxsv8AK2tgT1bvpmme7PcatCrGPUCohINkWIjEqScP5K34/N2gTDRPxzqFO7aO vR9S6otuffmer4bLy8XLoDLmDSR1sOT/d12MJEIqIHc/xqI6hDsCf8EWb5koDcBUItiC fiFFDWhpLk5Z2Gcm1TwMfGiU3nSSiw3QDhMhds7HFYM/G/VJ491B7tBdD0pqUtOAzNvu CktgHb/gCaW+zkjVDmZ5ECtZM7J7T41q8MXbrKlJfLEYVegB4elckzAeYzsOYeP9okRR +BB0iG76rhxWFbq5CMpBQVDzuMK24B1+s3RNRRuT++zdD3ScM4vtSkndgJu3gJNhwpGp TeRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=RTLjzHrG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c21-v6si3144444plz.283.2018.10.03.17.04.10; Wed, 03 Oct 2018 17:04:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=RTLjzHrG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727283AbeJDGyg (ORCPT + 99 others); Thu, 4 Oct 2018 02:54:36 -0400 Received: from mail-yb1-f170.google.com ([209.85.219.170]:42491 "EHLO mail-yb1-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727206AbeJDGyf (ORCPT ); Thu, 4 Oct 2018 02:54:35 -0400 Received: by mail-yb1-f170.google.com with SMTP id p74-v6so3176369ybc.9 for ; Wed, 03 Oct 2018 17:03:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bmL0ZyPC0ChRPdmL9WJ4CMlC25RswfvQYlntOSokPnQ=; b=RTLjzHrG8qvsQTgyIVVQqV6vJZzXuH9f2wd/G/9lwZ40a33lEHc2JFkqQcRsDx61pZ xb8z/BZ77fd0a2XR90Ro6efOirtKv69bnQmAFOqXllOX+7gVRFWIVYf0Y49/r1ylogZF KT8RV2XSFIr4MH2wwUsb2+v7tttgoDzdaffzU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bmL0ZyPC0ChRPdmL9WJ4CMlC25RswfvQYlntOSokPnQ=; b=B2kQTZ7IGXB3VSJ1G46mAkT+4GVulwQPzqvCSJlGtykZ6O4bnM8HZUdb2p+Jd+3Wq7 PRwkyy5eWECeHs7ofFtrQvcp7f5nE6TDEVbSs9Dm8/3cAmPQjN6AmqG+z3QLxw+jM8WO P8UJqbZZSae8Isg4HTiMF+hJAfP5O9QvZva2N1CYCzp/fe5QZS1Q+VC0J83IBgnYs+RY jQJf/SNzEVWbjbTldkcUIZNjEaMK/gQ24+mL6g0dmqahugrguWlZM7+ZqKfc3SM6s2i4 BzDQEZaDiBPAYdPMBuiyBqFzW0PE3lNC5wYsLk6HSSvh6MYoxE0ub8N2mAnQe+pEJ/lG ud6w== X-Gm-Message-State: ABuFfoi8WQtcCk2qv0XjpXiW8aIvAos/FR24ft8THlJsEAmPBmqI35/B JS3XDyui9HNktcVl0pTpqlDFVDqhOPw= X-Received: by 2002:a25:4846:: with SMTP id v67-v6mr2259685yba.355.1538611437212; Wed, 03 Oct 2018 17:03:57 -0700 (PDT) Received: from mail-yb1-f177.google.com (mail-yb1-f177.google.com. [209.85.219.177]) by smtp.gmail.com with ESMTPSA id w207-v6sm3574296yww.95.2018.10.03.17.03.55 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Oct 2018 17:03:55 -0700 (PDT) Received: by mail-yb1-f177.google.com with SMTP id h1-v6so3190744ybm.4 for ; Wed, 03 Oct 2018 17:03:55 -0700 (PDT) X-Received: by 2002:a25:640a:: with SMTP id y10-v6mr2344354ybb.421.1538611434689; Wed, 03 Oct 2018 17:03:54 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:d116:0:0:0:0:0 with HTTP; Wed, 3 Oct 2018 17:03:53 -0700 (PDT) In-Reply-To: <6037a1f0-7af1-9847-91f6-6444f04f5b21@infradead.org> References: <20181002005505.6112-1-keescook@chromium.org> <809f1cfd-077b-ee58-51ba-b22daf46d12b@tycho.nsa.gov> <5955f5ce-b803-4f58-8b07-54c291e33da5@canonical.com> <6037a1f0-7af1-9847-91f6-6444f04f5b21@infradead.org> From: Kees Cook Date: Wed, 3 Oct 2018 17:03:53 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter To: Randy Dunlap Cc: James Morris , John Johansen , Jordan Glover , Stephen Smalley , Paul Moore , Casey Schaufler , Tetsuo Handa , "Schaufler, Casey" , linux-security-module , Jonathan Corbet , "open list:DOCUMENTATION" , linux-arch , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 3, 2018 at 4:59 PM, Randy Dunlap wrote: > To me, "security=selinux" means SELinux and nothing else, so I think that > all of these params are inviting a lot of confusion. > > Sorry, I don't have a good answer for this. This part, at least, has a pretty clear solution. :) The consensus is to limit "security=" to what have been considered the "major" LSMs" so it'll work in spirit the way it was designed. The goal of the new options, though, is to find something that'll fit all the ways LSMs are getting used: the majors, the minors, and the coming "medium" LSMs. The precedent is pretty good here, since "security=" already ignores the minor LSMs: Yama and LoadPin. So it'll just control the enable/disable of the "major" LSMs, who will carry an internal marking indicating that they're mediated by "security=" (and no new LSMs would get this marking). -Kees -- Kees Cook Pixel Security