Subject: Re: [PATCH security-next v5 00/30] LSM: Explict ordering
From: Casey Schaufler
To: Kees Cook, John Johansen
Cc: Jordan Glover, James Morris, Stephen Smalley, Paul Moore, Tetsuo Handa, Mimi Zohar, Randy Dunlap, LSM, "open list:DOCUMENTATION", linux-arch, LKML
Date: Tue, 23 Oct 2018 09:48:20 -0700
Message-ID: <96e92224-aedf-5026-d6dd-b29121b4dc0d@schaufler-ca.com>
References: <20181011001846.30964-1-keescook@chromium.org> <32stV62RmME8Dj5jKB8Z03zPe_Et72kMo71D8SpgSOHUo6SaROc8DomMWdk5jDGpyqVd8T63NIIK2NdDw95clpF8Uj47Wca2FBFItXDRh7E=@protonmail.ch> <38dde301-d77e-35fd-88d4-5cdc5b570ee8@canonical.com> <_CkJnKYmEZ4ZF0JtsSYuahAd9sgnX9OtcstjXaeqb8wn5uxfimc6S4jomly7If9VqnOXqXwaiCbJ9ttS6NiqE7n6cQUlwLvfO53paLmacvU=@protonmail.ch> <8251564f-ba7a-1777-a606-dec472b32f35@canonical.com>
On 10/12/2018 12:01 PM, Kees Cook wrote:
> On Friday, October 12, 2018 3:19 AM, John Johansen wrote:
>> It isn't perfect but it manages consistency across distros as best as
>> can be achieved atm.
> Yeah, this is why I'm okay with the current series: it provides as
> consistent a view as possible, but leaves room for future improvements
> (like adding "+" or "!" or "all" or whatever).
>
> I'm curious to see what SELinux folks think of v5, though. I *think* I
> addressed all the concerns there, even Paul's "I want my distro
> default to not have extreme stacking" case too.
>
> -Kees

Looks like I should go on vacation more often. :)

I am generally opposed to fancy specification languages. I support the
explicit lsm= list specification because you don't have to know any
context to create a boot line that will work, and be as close to what
you've specified as possible for the kernel configuration. One need look
no further than the mechanisms for setting POSIX ACLs for an example of
how to ensure a feature isn't used.

Had we the foresight to make security= take a list of modules when Yama
was added we might have avoided some of this brouhaha, but there was no
reason to expect that stacking was ever going to happen back then.
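To make concrete what an explicit, context-free lsm= list buys you, here is an added, stand-alone illustration in C. It is not code from the kernel or from the patch series under discussion; the set of built-in LSMs is a constructed stand-in for whatever a given kernel was compiled with, and the semantics (comma-separated names, order preserved, names not built into this kernel dropped with a warning, duplicates collapsed, anything not listed left disabled, empty tokens rejected) are this example's assumptions about how such a list would be honoured, not a statement of what the v5 series does.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LSMS 16
#define MAX_NAME 32

/* Constructed stand-in for the LSMs compiled into a hypothetical kernel.
 * A real kernel's set depends on its CONFIG_SECURITY_* options. */
static const char *const builtin_lsms[] = {
    "yama", "loadpin", "integrity", "selinux", "smack", "tomoyo", "apparmor",
};
static const size_t builtin_count = sizeof(builtin_lsms) / sizeof(builtin_lsms[0]);

static bool is_builtin(const char *name)
{
    for (size_t i = 0; i < builtin_count; i++)
        if (strcmp(builtin_lsms[i], name) == 0)
            return true;
    return false;
}

/* Parse the value of an "lsm=a,b,c" boot argument (assumed semantics, see
 * the lead-in). Fills order[] with the built-in LSMs in the order given,
 * warns about and skips names this kernel does not have, drops duplicates,
 * and leaves unlisted LSMs disabled. Returns the number of enabled LSMs,
 * or -1 if the list is malformed (empty or oversized token). */
int parse_lsm_order(const char *lsm_arg, char order[][MAX_NAME], int max)
{
    int n = 0;
    const char *p = lsm_arg;

    if (p == NULL)
        return -1;

    for (;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        char name[MAX_NAME];

        if (len == 0 || len >= MAX_NAME)
            return -1;
        memcpy(name, p, len);
        name[len] = '\0';

        if (!is_builtin(name)) {
            /* The boot line still "works": unknown names are not fatal. */
            fprintf(stderr, "lsm=: ignoring unknown LSM \"%s\"\n", name);
        } else {
            bool dup = false;
            for (int i = 0; i < n; i++)
                if (strcmp(order[i], name) == 0)
                    dup = true;
            if (!dup && n < max)
                strcpy(order[n++], name);
        }

        if (end == NULL)
            break;
        p = end + 1;
    }
    return n;
}

/* Convenience wrapper: returns the resulting initialisation order as
 * "a,b,c" in a static buffer, or NULL if the list was malformed. */
const char *lsm_order_string(const char *lsm_arg)
{
    static char out[MAX_LSMS * MAX_NAME];
    char order[MAX_LSMS][MAX_NAME];
    int n = parse_lsm_order(lsm_arg, order, MAX_LSMS);

    if (n < 0)
        return NULL;
    out[0] = '\0';
    for (int i = 0; i < n; i++) {
        if (i > 0)
            strcat(out, ",");
        strcat(out, order[i]);
    }
    return out;
}

int main(int argc, char **argv)
{
    /* Constructed sample boot argument: one name this kernel lacks, one repeat. */
    const char *arg = argc > 1 ? argv[1] : "yama,loadpin,selinux,bogus,selinux";
    const char *res = lsm_order_string(arg);

    if (res == NULL) {
        fprintf(stderr, "malformed lsm= list: \"%s\"\n", arg);
        return 1;
    }
    printf("lsm=%s -> init order: %s\n", arg, res);
    return 0;
}
```

Running it with no arguments shows the point of the thread: the order comes out exactly as typed, minus the name this build does not know, with no dependence on a compiled-in default or on any "+"/"!" syntax. Passing a list with an empty token (for example "yama,,selinux") is reported as malformed rather than silently guessed at.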