Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5701775img;
        Wed, 27 Mar 2019 13:31:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxCeyVEKQit0uOA6aIZDdSXVAk62xiFJ8n7Dy94PLKGJUB7ur/0cIL9/J/DZ4DhxMdjfjHb
X-Received: by 2002:aa7:8841:: with SMTP id k1mr37073984pfo.115.1553718689217;
        Wed, 27 Mar 2019 13:31:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553718689; cv=none;
        d=google.com; s=arc-20160816;
        b=UZr7n7UkZZxaYd4G7Zl6IRciV3VpMancqVAiWjZlSY0003EhWLIx6T6RHZWuCwdgXA
         sB8MMDlW+4MCtDlxccZQHDI/py5Y21EFtuDPzYrqgQHTvwJZzBrRgeO/kK5AiBlVpZN0
         WTqm4iBt0luyF1u6FHg+IHO5syZv3E0OeUNdZjN97cx/PWlXYq0hWKdCOt5qJKNH5B+Q
         CGSXRocRrC3dGlNV3osfvhWfLdi5PuZNSRrkCacB+WPlnFrcd6YTXPZyWU/EzCrwucCl
         QJ6ph7s2AWcqeQBZ+0ZAv5ifk02UzTlSfElgcun6HwGjhFRNwqU2rIDahlvnqIxUTHif
         pmJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject;
        bh=EOQSYVHgXrJP3p6qw+qxZuRGmREeowKFsQZXIbcW/R0=;
        b=lMhixD6MKiBXHzM8xCtjRtLvNP0XkbaMz2qIlUc22O2OlggsOQ0n12rv9hyYkSBZQS
         OYc/2UavA7CfFaTXCXe9cOH8a/508PYPrr8KUranmcemwvm2Je4s+M0JKVcYuZhlpCpi
         TR/at1lsFY+aCz/EmdOcpxX1ow+CXOKIxRcuoIse2bfro2uMH3ZqKObrQQp9wPH9lyoT
         h3DnzWFQmBDCa+upqmqURl4nJSZD9cA0EOS9el+TOJIKOsIu/TtvKV0x8UfW+vpIn54O
         pH6Z/8TAUmCfs2NVsPRoLt6BxN4sHHQUxUfHG+/Ojf2b1ZsvDPCuA54AZ9vMGxbwwky/
         0VKA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n15si1654758pff.144.2019.03.27.13.31.12;
        Wed, 27 Mar 2019 13:31:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726344AbfC0Uab (ORCPT <rfc822;yuankui.zhao@gmail.com>
        + 99 others); Wed, 27 Mar 2019 16:30:31 -0400
Received: from www262.sakura.ne.jp ([202.181.97.72]:26373 "EHLO
        www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725841AbfC0Uaa (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 Mar 2019 16:30:30 -0400
Received: from fsav110.sakura.ne.jp (fsav110.sakura.ne.jp [27.133.134.237])
        by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id x2RKU9wd052787;
        Thu, 28 Mar 2019 05:30:09 +0900 (JST)
        (envelope-from penguin-kernel@i-love.sakura.ne.jp)
Received: from www262.sakura.ne.jp (202.181.97.72)
 by fsav110.sakura.ne.jp (F-Secure/fsigk_smtp/530/fsav110.sakura.ne.jp);
 Thu, 28 Mar 2019 05:30:09 +0900 (JST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/530/fsav110.sakura.ne.jp)
Received: from [192.168.1.8] (softbank126072090247.bbtec.net [126.72.90.247])
        (authenticated bits=0)
        by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id x2RKU4cv052765
        (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NO);
        Thu, 28 Mar 2019 05:30:09 +0900 (JST)
        (envelope-from penguin-kernel@i-love.sakura.ne.jp)
Subject: Re: Linux 5.1-rc2
To:     Kees Cook <keescook@chromium.org>
Cc:     James Morris <jmorris@namei.org>,
        Randy Dunlap <rdunlap@infradead.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
        linux-security-module <linux-security-module@vger.kernel.org>
References: <CAHk-=wgg_PRWs3a6u2gnFLQjhxOJcrFkqqWVnLw60eQAwD-DNw@mail.gmail.com>
 <2d4f3bfa-22c7-a18c-3902-fe1b6ac401f7@infradead.org>
 <alpine.LRH.2.21.1903260607500.13529@namei.org>
 <8811b2e4-28e1-2f01-024b-fb7d0196483f@i-love.sakura.ne.jp>
 <CAGXu5jJZ1H1RFMFBxPsoBW+T17ya+50-d7-31Gr9ciRgpCOaDA@mail.gmail.com>
From:   Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Message-ID: <98289cd2-095a-f0cd-e405-887ecbba0030@i-love.sakura.ne.jp>
Date:   Thu, 28 Mar 2019 05:30:04 +0900
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.0
MIME-Version: 1.0
In-Reply-To: <CAGXu5jJZ1H1RFMFBxPsoBW+T17ya+50-d7-31Gr9ciRgpCOaDA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019/03/28 4:16, Kees Cook wrote:
> The part I don't understand is what you've said about TOMOYO being
> primary and not wanting the others stackable? That kind of goes
> against the point, but I'm happy to do that if you want it that way.

Automatically enabling multiple legacy major LSMs might result in a confusion like
Jakub encountered. For a few releases from 5.1 (about one year or so?), since
CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
their kernel configs, I guess that it is better not to enable TOMOYO automatically
until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
and get used to use lsm= kernel command line option rather than security= kernel
command line option.