From: Kees Cook
Date: Thu, 21 Mar 2019 09:38:20 -0700
Subject: Re: mount.nfs: Protocol error after upgrade to linux/master
To: Tetsuo Handa
Cc: Casey Schaufler, Jakub Kicinski, linux-security-module, Trond Myklebust, "open list:NFS, SUNRPC, AND...", Anna Schumaker, LKML
In-Reply-To: <2bf23acd-22c4-a260-7648-845887a409d5@i-love.sakura.ne.jp>
References: <20190315110555.0807d015@cakuba.netronome.com> <20190315120105.5541ad46@cakuba.netronome.com> <20190315165440.53b9db3c@cakuba.netronome.com> <2bf23acd-22c4-a260-7648-845887a409d5@i-love.sakura.ne.jp>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 19, 2019 at 3:56 AM Tetsuo Handa wrote:
>
> Since Kees Cook seems to be busy now, here is my version...
>
> From 885553e4793d9af2d4e9e99c7d137b0ec7b5f8ad Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa
> Date: Tue, 19 Mar 2019 19:52:31 +0900
> Subject: [PATCH] LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"
>
> Commit 70b62c25665f636c ("LoadPin: Initialize as ordered LSM") removed
> CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from
> security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a
> default value. That commit expected that existing users (upgrading from
> Linux 5.0 and earlier) will edit the CONFIG_LSM value in accordance with
> their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But
> since users might forget to edit the CONFIG_LSM value, this patch revives
> the choice (only for providing the default value for CONFIG_LSM) in order
> to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their
> old kernel configs.
>
> Reported-by: Jakub Kicinski
> Signed-off-by: Kees Cook
> Signed-off-by: Tetsuo Handa
> ---
>  security/Kconfig | 36 +++++++++++++++++++++++++++++++++++-
>  1 file changed, 35 insertions(+), 1 deletion(-)
>
> diff --git a/security/Kconfig b/security/Kconfig
> index 1d6463f..743e594 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -239,9 +239,43 @@ source "security/safesetid/Kconfig" > > source "security/integrity/Kconfig" > > +choice > + prompt "Default security module [superseded by 'Ordered list of enabled LSMs' below]" > + default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX > + default DEFAULT_SECURITY_SMACK if SECURITY_SMACK > + default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO > + default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR > + default DEFAULT_SECURITY_DAC > + > + help > + This choice is there only for converting CONFIG_DEFAULT_SECURITY in old > + kernel config to CONFIG_LSM in new kernel config. Don't change this choice > + unless you are creating a fresh kernel config, for this choice will be > + ignored after CONFIG_LSM is once defined. > + > + config DEFAULT_SECURITY_SELINUX > + bool "SELinux" if SECURITY_SELINUX=y > + > + config DEFAULT_SECURITY_SMACK > + bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y > + > + config DEFAULT_SECURITY_TOMOYO > + bool "TOMOYO" if SECURITY_TOMOYO=y > + > + config DEFAULT_SECURITY_APPARMOR > + bool "AppArmor" if SECURITY_APPARMOR=y > + config DEFAULT_SECURITY_DAC > + bool "Unix Discretionary Access Controls" > + > +endchoice > + > config LSM > string "Ordered list of enabled LSMs" > - default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" > + default "yama,loadpin,safesetid,integrity,selinux" if DEFAULT_SECURITY_SELINUX > + default "yama,loadpin,safesetid,integrity,smack" if DEFAULT_SECURITY_SMACK > + default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO > + default "yama,loadpin,safesetid,integrity,apparmor" if DEFAULT_SECURITY_APPARMOR > + default "yama,loadpin,safesetid,integrity" > help > A comma-separated list of LSMs, in initialization order. > Any LSMs left off this list will be ignored. This can be This is mostly good. I'd like to keep the other LSMs listed though (similar to what I had originally) so that if a legacy-major doesn't initialize, later ones will be. 
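Review bot: each new `default` line for CONFIG_LSM names only the chosen major LSM, so an old config that built more than one (for example SECURITY_SELINUX=y and SECURITY_APPARMOR=y with DEFAULT_SECURITY_APPARMOR) converts to "yama,loadpin,safesetid,integrity,apparmor", and by the unchanged help text ("Any LSMs left off this list will be ignored") SELinux is compiled in but not enabled at boot. Either append the remaining majors after the chosen one in each default line, or state in the choice help that only the selected module is placed in CONFIG_LSM. Two smaller points in the same hunk: a blank line is missing between `config DEFAULT_SECURITY_APPARMOR` and `config DEFAULT_SECURITY_DAC`, unlike the other entries, and "will be ignored after CONFIG_LSM is once defined" reads better as "will be ignored once CONFIG_LSM has been defined".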
I want to remove the concept of "major" LSMs. The only thing that should matter is init order...

-Kees

> --
> 1.8.3.1
>

--
Kees Cook
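The conversion the patch describes, and the situation Kees objects to, can be checked offline before running "make oldconfig". The following is an added example, not code from the patch or the kernel tree: it parses a .config, models the revived choice block and the CONFIG_LSM default lines exactly as the hunk writes them, keeps an already-defined CONFIG_LSM untouched (the help text says the choice is ignored once CONFIG_LSM exists), and lists major LSMs that are built in but left off the list. The `keep_others` variant approximates what Kees asks for in his reply; its ordering (chosen module first, then the remaining majors) is an assumption, and the sample config is constructed.

```python
# Added example: model of the CONFIG_LSM default derivation from the quoted hunk,
# plus a pre-upgrade check for major LSMs that end up missing from CONFIG_LSM.
# This is not the kernel's Kconfig logic, only a simplified model of it.

MAJOR_LSMS = ("selinux", "smack", "tomoyo", "apparmor")   # order of the hunk's default chain
BASE_LSMS = ("yama", "loadpin", "safesetid", "integrity")  # always present in the default


def parse_config(text):
    """Parse .config lines into {symbol: value}.

    'CONFIG_X=y' -> 'y', 'CONFIG_X="a,b"' -> 'a,b', '# CONFIG_X is not set' -> 'n'.
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# CONFIG_") and line.endswith(" is not set"):
            cfg[line[2:-len(" is not set")]] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            sym, val = line.split("=", 1)
            cfg[sym] = val.strip().strip('"')
    return cfg


def resolve_default_security(cfg):
    """Model the revived 'Default security module' choice.

    An explicit DEFAULT_SECURITY_*=y carried over from an old config wins, provided
    the matching SECURITY_*=y makes that entry visible (DAC is always visible).
    Otherwise the hunk's 'default ... if SECURITY_*' chain picks the first built-in
    major LSM in SELinux, Smack, TOMOYO, AppArmor order, falling back to DAC.
    """
    for name in MAJOR_LSMS + ("dac",):
        chosen = cfg.get(f"CONFIG_DEFAULT_SECURITY_{name.upper()}") == "y"
        visible = name == "dac" or cfg.get(f"CONFIG_SECURITY_{name.upper()}") == "y"
        if chosen and visible:
            return name
    for name in MAJOR_LSMS:
        if cfg.get(f"CONFIG_SECURITY_{name.upper()}") == "y":
            return name
    return "dac"


def lsm_default(choice, keep_others=False):
    """Build the CONFIG_LSM default string for a resolved choice.

    keep_others=False reproduces the hunk: only the chosen major LSM is appended.
    keep_others=True is an assumed variant of what Kees asks for in his reply
    (chosen module first, then the remaining majors); the exact order is a guess.
    """
    lsms = list(BASE_LSMS)
    if choice != "dac":
        lsms.append(choice)
    if keep_others:
        lsms.extend(n for n in MAJOR_LSMS if n != choice)
    return ",".join(lsms)


def effective_lsm(cfg, keep_others=False):
    """CONFIG_LSM as oldconfig would leave it: an existing value is kept as-is,
    since the choice help says it is ignored once CONFIG_LSM is defined."""
    if "CONFIG_LSM" in cfg:
        return cfg["CONFIG_LSM"]
    return lsm_default(resolve_default_security(cfg), keep_others)


def unlisted_major_lsms(cfg, lsm_value):
    """Major LSMs built in (SECURITY_*=y) but absent from CONFIG_LSM.

    Per the Kconfig help, anything left off the list is ignored, so these are
    the modules a user would find silently inactive after the upgrade."""
    enabled = set(lsm_value.split(","))
    return [n for n in MAJOR_LSMS
            if cfg.get(f"CONFIG_SECURITY_{n.upper()}") == "y" and n not in enabled]


# Constructed sample: a Linux 5.0-era config with two major LSMs built in and
# AppArmor selected as the default.
OLD_CONFIG = """\
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
CONFIG_SECURITY_APPARMOR=y
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
CONFIG_DEFAULT_SECURITY_APPARMOR=y
# CONFIG_DEFAULT_SECURITY_DAC is not set
"""

if __name__ == "__main__":
    cfg = parse_config(OLD_CONFIG)
    value = effective_lsm(cfg)
    print("choice         :", resolve_default_security(cfg))
    print("CONFIG_LSM     :", value)
    print("built, unlisted:", unlisted_major_lsms(cfg, value))
    print("keep-others    :", effective_lsm(cfg, keep_others=True))
```

Run against a real old .config, the "built, unlisted" line is the thing to look at: with the hunk's defaults the sample config yields `yama,loadpin,safesetid,integrity,apparmor` and reports SELinux as built but unlisted, which is precisely the case the reply wants the default lines to cover.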