Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp4180463imj; Tue, 12 Feb 2019 11:10:01 -0800 (PST) X-Google-Smtp-Source: AHgI3IbLZ0/TFzR4YP7R4dBOlsg11pPdH2ViXVz7eqhoLREDJWym4y9wHsjSoz2IGXxjsXy++tY+ X-Received: by 2002:a63:6ac5:: with SMTP id f188mr4992316pgc.165.1549998601066; Tue, 12 Feb 2019 11:10:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549998601; cv=none; d=google.com; s=arc-20160816; b=DNaI5hB3C9tgidrOqsuamltfE9Pyc42lqw90rxl6x7okMepslQa27+fCeWR6W0Lnkt Ra67HwVMn/X1FqdZEZ9T5wIcKuoHqQ/oCKBUM4OUaXUBGOa9oZGYYt9vDoc6ZmnbTsEk sUEdp3Ni7oqCOPi4yv4RJmpOwqeFAYOOeuii7xWgqg4AkOj1Z0M/tCZJCVx9RzUyLZWt DzIljsf5bwf8Bvs2ASRgYTHnjs2Ck+hMhnIlOgrchyZR9CI0UUAMiAZn8Z7ddIsGUaAW lDgg5YLytkZd8c+rbL/M/q8p4cQf/x4W44qbUXJTcA+Ni2eb+5ONcs416EAYmqRk3Idd LRgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition:mime-version :message-id:subject:cc:to:from:date:dkim-signature; bh=fZynsMqP80440N33/zyWh+nSbTs5Z2QL/QCUJqp1qGU=; b=nOS1l2YGSrymBuxN46Bigwza6ZLJSt/Bxwogb/x8MdjFJUgXGLHcvskIQTieg0r6kt No2nK64M62OB+c7mzLAyaJNBRmA5VBHwo4LCvxQjWt7aEWh7h4G/HYUsRRYnAWOhGZKC DoKUv3fzbt7d2JT1RjBmAFDnphtJSBy4E23bIK0AOBWHxH9+ieY5+VfOgUXmoizRs1qb zh7Ls+K3Z952w8xa1Jfl10G8qpIfs7XlGlMfLFeWdftN0msbIph4svOzuuUAoq0p/cen 33rhO5g8DX0CgUt5HM52zv+pTvT2HKa2KMV/VKGk+eVwBNp+PZng5T8KgHGPytGYwjxw N10w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=dt65tWm4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p7si6730221pgp.284.2019.02.12.11.09.31; Tue, 12 Feb 2019 11:10:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=dt65tWm4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730097AbfBLSXV (ORCPT + 99 others); Tue, 12 Feb 2019 13:23:21 -0500 Received: from mail-pf1-f195.google.com ([209.85.210.195]:36639 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727548AbfBLSXV (ORCPT ); Tue, 12 Feb 2019 13:23:21 -0500 Received: by mail-pf1-f195.google.com with SMTP id n22so1688880pfa.3 for ; Tue, 12 Feb 2019 10:23:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition; bh=fZynsMqP80440N33/zyWh+nSbTs5Z2QL/QCUJqp1qGU=; b=dt65tWm4NckOQG+gXubMg9ozXeAHtWhmTfXZBlkIq/JgJgR7dCF4/eX6nCYSl+f/Nd KErOIJOxgjvL2Yx8TXEGmryRehxfy4dKrc6lWuGXlEVOS5mUlRU9o1GJzHHlupNOTELy +heAxF/O/uUhSqFZs3en+J/27jIzgtJLkLsvE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=fZynsMqP80440N33/zyWh+nSbTs5Z2QL/QCUJqp1qGU=; b=IzXWuMJoeAm7I3MwrhcDxgrxLmxRWbntKdLlTDbinJ3VKUvJigj/4AgUbaFI57hF4K ZQbihzfbZI45f2f0Bk6jyy6mecpKyHy2P6zD+O7Xq6Cuq/XECUvu0KI1c29+1n8265B/ GE2kx3TOwbi+0Ji/77N/7KFQVQVnK1w3mcDu9wCUR10CZ/ZZZUpgMl/JIXRxTo1Tawua Jf2+y+HoMc6lgWsZtVKhMSxL5txIHc2W07E1PJe/ZTLSoZxyqEt7a23w5cfxAp08mA3J zLfiCbYWVoGav8ynFln82rmatDRddny+d+Faz/tVNN8jwKSyEGd+k4D9HgZX/m7CNDYF 2YwQ== X-Gm-Message-State: AHQUAub8JZXsAjIZyHOzpOTvn+EjFoT3xbVW73eTSBocTUgyqVOP5w+x i4Kud4SIPcC24LwzXB2/5AKtVg== X-Received: by 2002:a62:b2c3:: with SMTP id z64mr5187699pfl.149.1549995800723; Tue, 12 Feb 2019 10:23:20 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id y5sm44730501pge.49.2019.02.12.10.23.19 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 12 Feb 2019 10:23:19 -0800 (PST) Date: Tue, 12 Feb 2019 10:23:18 -0800 From: Kees Cook To: James Morris Cc: Tetsuo Handa , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] LSM: Ignore "security=" when "lsm=" is specified Message-ID: <20190212182318.GA16669@beast> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org To avoid potential confusion, explicitly ignore "security=" when "lsm=" is used on the command line, and report that it is happening. Suggested-by: Tetsuo Handa Signed-off-by: Kees Cook --- Documentation/admin-guide/kernel-parameters.txt | 10 ++++------ security/security.c | 8 ++++++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 93d2c97f28fe..a0abd5f56e00 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2340,7 +2340,7 @@ lsm=lsm1,...,lsmN [SECURITY] Choose order of LSM initialization. This - overrides CONFIG_LSM. + overrides CONFIG_LSM, and the "security=" parameter. machvec= [IA-64] Force the use of a particular machine-vector (machvec) in a generic kernel. @@ -4129,11 +4129,9 @@ Note: increases power consumption, thus should only be enabled if running jitter sensitive (HPC/RT) workloads. - security= [SECURITY] Choose a security module to enable at boot. - If this boot parameter is not specified, only the first - security module asking for security registration will be - loaded. An invalid security module name will be treated - as if no module has been chosen. + security= [SECURITY] Choose a legacy "major" security module to + enable at boot. This has been deprecated by the + "lsm=" parameter. selinux= [SELINUX] Disable or enable SELinux at boot time. Format: { "0" | "1" } diff --git a/security/security.c b/security/security.c index 3147785e20d7..23cbb1a295a3 100644 --- a/security/security.c +++ b/security/security.c @@ -288,9 +288,13 @@ static void __init ordered_lsm_init(void) ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms), GFP_KERNEL); - if (chosen_lsm_order) + if (chosen_lsm_order) { + if (chosen_major_lsm) { + pr_info("security= is ignored because it is superseded by lsm=\n"); + chosen_major_lsm = NULL; + } ordered_lsm_parse(chosen_lsm_order, "cmdline"); - else + } else ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) -- 2.17.1 -- Kees Cook