Subject: [PATCH] LSM: Allow syzbot to ignore security= parameter.
To: Dmitry Vyukov
Cc: Casey Schaufler, Paul Moore, Stephen Smalley, syzbot, tyhicks@canonical.com, John Johansen, James Morris, LKML, linux-security-module@vger.kernel.org, Serge Hallyn, syzkaller-bugs, Jeffrey Vander Stoep, SELinux, Russell Coker, Laurent Bigonville, syzkaller, Andrew Morton
From: Tetsuo Handa
Date: Fri, 1 Feb 2019 22:09:02 +0900
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019/02/01 19:50, Dmitry Vyukov wrote:
> On Fri, Feb 1, 2019 at 11:44 AM Tetsuo Handa wrote:
>>
>> On 2019/02/01 19:09, Dmitry Vyukov wrote:
>>> Thanks for the explanations.
>>>
>>> Here is the change that I've come up with:
>>> https://github.com/google/syzkaller/commit/aa53be276dc84aa8b3825b3416542447ff82b41a
>>
>> You are not going to apply this updated config to upstream kernels now, are you?
>> Removing CONFIG_DEFAULT_SECURITY="apparmor" from configs used by upstream kernels
>> will cause failing to enable AppArmor (unless security=apparmor is specified).
>
>
> We do use security=apparmor, see:
> https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-apparmor.cmdline
> https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-selinux.cmdline
> https://github.com/google/syzkaller/blob/master/dashboard/config/upstream-smack.cmdline
>

Oh, security= parameter is explicitly specified on all targets?
Then, we can abuse CONFIG_DEBUG_AID_FOR_SYZBOT option. ;-)

LSM folks, may we use this patch for linux-next.git ?
CONFIG_DEBUG_AID_FOR_SYZBOT is a linux-next.git-only kernel config option
used by syzbot.

From c7d21f9c1c0b610ddea4233b89edf7d3140b8baf Mon Sep 17 00:00:00 2001
From: Tetsuo Handa Date: Fri, 1 Feb 2019 22:03:55 +0900 Subject: [PATCH linux-next] LSM: Allow syzbot to ignore security= parameter. LSM is going to get infrastructure managed security blob support in Linux 5.1, and it becomes possible to run TOMOYO with SELinux/Smack/AppArmor. But for compatibility reason, since security= parameter makes it impossible to run TOMOYO with SELinux/Smack/AppArmor, syzbot can't test that combination. Therefore, this patch allows syzbot to temporarily ignore security= parameter. This patch is meant for linux-next.git only, and will be removed after infrastructure managed security blob support went to linux.git. Signed-off-by: Tetsuo Handa --- security/security.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/security.c b/security/security.c index ef03643..0632feb 100644 --- a/security/security.c +++ b/security/security.c @@ -346,12 +346,14 @@ int __init security_init(void) } /* Save user chosen LSM */ +#ifndef CONFIG_DEBUG_AID_FOR_SYZBOT static int __init choose_major_lsm(char *str) { chosen_major_lsm = str; return 1; } __setup("security=", choose_major_lsm); +#endif /* Explicitly choose LSM initialization order. */ static int __init choose_lsm_order(char *str) -- 1.8.3.1
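
Review bot: compiling out `choose_major_lsm()` and its `__setup("security=", choose_major_lsm);` registration under `#ifndef CONFIG_DEBUG_AID_FOR_SYZBOT` makes a kernel built with that option drop `security=` silently: `chosen_major_lsm` is never assigned from the command line, and nothing in the hunk reports that the parameter was ignored. Since the syzbot cmdline files referenced in the thread pass `security=` explicitly, a report from such a kernel would show `security=apparmor` on the command line while LSM selection did not honor it. Consider keeping the handler registered and, when the option is set, having it log that `security=` is being ignored and return 1 without storing `str`. A short comment beside the `#ifndef` saying this is for linux-next.git only, and is to be removed once the infrastructure managed security blob support reaches linux.git, would keep that constraint next to the code instead of only in the commit message.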