Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp1929422imj; Sun, 17 Feb 2019 18:46:31 -0800 (PST) X-Google-Smtp-Source: AHgI3IaJhKaSxuW2bzRg2rcbdOras5HG8dlAiPaud6F9lim4QE+0xuP9EhYkpV6pDvvsIywJ75dQ X-Received: by 2002:a63:4b25:: with SMTP id y37mr17101584pga.181.1550457990924; Sun, 17 Feb 2019 18:46:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550457990; cv=none; d=google.com; s=arc-20160816; b=B5Ng7DnxjulRX04kH7o4/s1/in6+19yfBehNdEs6GmMdXyNn0/wYuFNu3A0L7D6WC7 wi+GKX1W2uWha2Ilmo55rsHQoI2MZcsfO4i3pdJSlds/r8VUr21xkqsugH2+kPpic66L fKJ3jsi1e7/oq1GKh3thN6DNNw7FkQraQJ4p0CAH7AukDGYOOlHvAAXpQBCf7UEG8csU 9RUdzUiSCcmjkaRsRiqxMEM9WYyK547eZqajRz+Asq3tDalHB5TrB7hi62fOv4B/iAs9 R0x3G4e3Jq2gFYdxX3W+86q63xTNzznFtSS1LYa4Synp+m9lARQlYKgZ+7QI9iXMGrEb F4xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=/DFwKuZhp2tGU3us6NJa0n5ClRLptAu1w9i5MbORi1M=; b=HW0SxWI/85AZc4r/gP4UYjTV8/BQ1VfNEzMKy3WfWO1kEQB/AqDa8fZvrBd01iq6/A zHcDTeXZKAx5lS+Wcv5UZH7KHnYqiFuCu1UrdN0aPAJNgOk19648bX/liTOlgbtxJ7jT srX8e9oYRM1uCwS01tRBeiDEzJkLB6u5Z4LouyLFjOq00AzyIPw1MsD/wxV+Dk1Zld17 XeLjpN2zyyHGv3HxJVq0JuNmzBoVCBGVzlRUctZbDrnBJupSDfdrViprArOwPMXKaVaL VYLU0FSWcD62U0qawgNVPwE1lOVNJRj4WuUE/1N3IHQBcMWUgNxfWMxYSuydDgYgaGeX eHBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=sfIDCqcd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j9si11122335pgp.410.2019.02.17.18.46.14; Sun, 17 Feb 2019 18:46:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=sfIDCqcd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728195AbfBRCqL (ORCPT + 99 others); Sun, 17 Feb 2019 21:46:11 -0500 Received: from mail-lj1-f196.google.com ([209.85.208.196]:42883 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727517AbfBRCqL (ORCPT ); Sun, 17 Feb 2019 21:46:11 -0500 Received: by mail-lj1-f196.google.com with SMTP id d14so1821758ljl.9 for ; Sun, 17 Feb 2019 18:46:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/DFwKuZhp2tGU3us6NJa0n5ClRLptAu1w9i5MbORi1M=; b=sfIDCqcdOgxM6O9aAAqtZFjFWOJI+8fFxB3Ka8z80V1UdQ5bGCGBHkv9UTNkNe0Mzt eFIzlvt8RtfWMyaRAEQNkTiOHRNTPMHKzyqVFoJgVA0ye3IphqmE8Xsfk0oW9NL1rVaH wdNU4u8WJ2evLyJyCwIttFzdNk3IkHqh/QhoT/cvlBVAn9Whii+J+O2eAPrOGskSOUwj xypDlv6Zwb9An+ZX3vYRWt+Na6JEQISntD/qhKddagBhWpXUX7NDt//1u33B6/nDYto7 Ws8+XC14CCTqaAL4e4K5fUv5R6Uq6+WqcSqTWAk+d0UTZanFIoabr7QmNT/bophUiMnV RpMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/DFwKuZhp2tGU3us6NJa0n5ClRLptAu1w9i5MbORi1M=; b=G3EKbSj+oVp8Of+SEM6Hw604CL1dhV7NvXa0saOQK1p9xP1g0icNaP3zyaBV/kAA64 YJ2w5qNLX3guG1B2tGG3eGhQqACrjhJQHRZdqG82btwaDMg3cTcUBYmOqkkEli3HEnev S9rdauGYTYTIAL1pwnqS24trB3YuMUZ7nqz5l7l1uw54qNVGhdufAI0EM8S9RtEAwKS2 9yn2uCfBBHM51qFdQ5HxBo7CbLgzgnvNl3Rm0XuICmfVqfKLG5BV+poO7BV2BOaXZY23 kOP1Uuiv6sQW6jkEVpQgc94vidHu0BI2JuFyFyf5b+zHpeOjng15Q7EP6KaW0ZcPADZq aeDQ== X-Gm-Message-State: AHQUAuYgjUDEQO0JiDKBIjfy8If8Lb7Su/b9JdIFYo5r4I/fl4HGRQvA QSYfleT+ARA249lxNVhDLoqm44c7EfasHgy3JzUx X-Received: by 2002:a2e:968c:: with SMTP id q12mr2450505lji.95.1550457968559; Sun, 17 Feb 2019 18:46:08 -0800 (PST) MIME-Version: 1.0 References: <20190212182318.GA16669@beast> <5260689d-9016-bdf4-6070-13d2c88ac8a8@schaufler-ca.com> <4ed50852-abfb-773b-01e4-b4ac83e32ed3@I-love.SAKURA.ne.jp> In-Reply-To: <4ed50852-abfb-773b-01e4-b4ac83e32ed3@I-love.SAKURA.ne.jp> From: Paul Moore Date: Sun, 17 Feb 2019 21:45:57 -0500 Message-ID: Subject: Re: [PATCH v2] LSM: Ignore "security=" when "lsm=" is specified To: Tetsuo Handa Cc: SELinux , kernel-team@lists.ubuntu.com, Casey Schaufler , Kees Cook , James Morris , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Feb 17, 2019 at 12:17 AM Tetsuo Handa wrote: > On 2019/02/14 1:05, Casey Schaufler wrote: > > On 2/12/2019 10:23 AM, Kees Cook wrote: > >> To avoid potential confusion, explicitly ignore "security=" when "lsm=" is > >> used on the command line, and report that it is happening. > >> > >> Suggested-by: Tetsuo Handa > >> Signed-off-by: Kees Cook > > > > Acked-by: Casey Schaufler > > The manual for TOMOYO was updated to follow this change. > SELinux folks and AppArmor folks, can we apply this change? My main concern is that "selinux={0|1}" continues to work as it has for years. It doesn't look like this affects that, but I can't say I've dug into these changes very far. -- paul moore www.paul-moore.com