Subject: Re: Linux 5.1-rc2
From: Tetsuo Handa
To: Kees Cook
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module
Date: Thu, 28 Mar 2019 05:30:04 +0900
Message-ID: <98289cd2-095a-f0cd-e405-887ecbba0030@i-love.sakura.ne.jp>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019/03/28 4:16, Kees Cook wrote:
> The part I don't understand is what you've said about TOMOYO being
> primary and not wanting the others stackable? That kind of goes
> against the point, but I'm happy to do that if you want it that way.

Automatically enabling multiple legacy major LSMs might result in
confusion like Jakub encountered. For a few releases from 5.1 (about
one year or so?), since CONFIG_DEFAULT_SECURITY_* will be ignored after
CONFIG_LSM is once defined in their kernel configs, I guess that it is
better not to enable TOMOYO automatically until most people complete
migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM and get used to
using the lsm= kernel command line option rather than the security=
kernel command line option.
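A config audit for the migration issue the message describes, as an added example that is not part of the original e-mail or of the kernel tree: it flags a .config where CONFIG_DEFAULT_SECURITY_* names an LSM that CONFIG_LSM omits, and where CONFIG_LSM lists more than one legacy major LSM. The function names, the list of legacy major LSM names and the sample .config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the CONFIG_DEFAULT_SECURITY_* to
# CONFIG_LSM migration. Names below are illustrative, not from the kernel tree.
LEGACY_MAJORS="selinux smack tomoyo apparmor"  # assumption: legacy major LSMs

# Print the value of CONFIG_LSM from a .config file (empty if not defined).
config_lsm() {
    sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$1"
}

# Print the lowercased LSM chosen via CONFIG_DEFAULT_SECURITY_<NAME>=y.
legacy_default() {
    sed -n 's/^CONFIG_DEFAULT_SECURITY_\([A-Z]*\)=y$/\1/p' "$1" | tr 'A-Z' 'a-z' | head -n 1
}

# Print the legacy major LSMs listed in CONFIG_LSM, space-separated, in order.
majors_in_lsm() {
    out=""
    for name in $(config_lsm "$1" | tr ',' ' '); do
        case " $LEGACY_MAJORS " in
            *" $name "*) out="${out:+$out }$name" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Print one finding per line; print nothing when the config is consistent.
audit_config() {
    lsm=$(config_lsm "$1"); def=$(legacy_default "$1"); majors=$(majors_in_lsm "$1")
    [ -n "$lsm" ] || { echo "CONFIG_LSM not defined"; return 0; }
    if [ -n "$def" ] && [ "$def" != "dac" ]; then
        case ",$lsm," in
            *",$def,"*) ;;
            *) echo "ignored: CONFIG_DEFAULT_SECURITY selects $def but CONFIG_LSM omits it" ;;
        esac
    fi
    set -- $majors
    [ "$#" -le 1 ] || echo "multiple legacy major LSMs in CONFIG_LSM: $majors"
}

# Constructed sample .config fragment (not taken from the thread).
sample_config() {
    cat <<'EOF'
CONFIG_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,tomoyo"
EOF
}
tmp=$(mktemp) && sample_config > "$tmp" && audit_config "$tmp"; rm -f "$tmp"
```

On the constructed sample this reports both findings: the apparmor default is ignored, and selinux and tomoyo are both listed.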