From: Kees Cook
Date: Thu, 11 Oct 2018 08:14:24 -0700
Subject: Re: [PATCH security-next v5 00/30] LSM: Explict ordering
To: James Morris
Cc: Casey Schaufler, John Johansen, Stephen Smalley, Paul Moore, Tetsuo Handa, Mimi Zohar, Randy Dunlap, Jordan Glover, LSM, "open list:DOCUMENTATION", linux-arch, LKML
References: <20181011001846.30964-1-keescook@chromium.org>

On Wed, Oct 10, 2018 at 8:45 PM, James Morris wrote:
> On Wed, 10 Oct 2018, Kees Cook wrote:
>
>> v5:
>> - redesigned to use CONFIG_LSM= and lsm= for both ordering and enabling
>> - dropped various Reviewed-bys due to rather large refactoring
>
> Patches 1-10 applied to
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general
> and next-testing.

Very cool; thanks!

As for the rest, I could post some examples of how the new CONFIG_LSM
and "lsm=..." work (and how they mix with the "legacy" options). Would
that be helpful?

-Kees

-- 
Kees Cook
Pixel Security