Subject: Re: Linux 5.1-rc2
From: Tetsuo Handa
To: Kees Cook
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski
Date: Thu, 28 Mar 2019 06:05:42 +0900
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019/03/28 5:45, Kees Cook wrote:
> On Wed, Mar 27, 2019 at 1:30 PM Tetsuo Handa wrote:
>>
>> On 2019/03/28 4:16, Kees Cook wrote:
>>> The part I don't understand is what you've said about TOMOYO being
>>> primary and not wanting the others stackable? That kind of goes
>>> against the point, but I'm happy to do that if you want it that way.
>>
>> Automatically enabling multiple legacy major LSMs might result in confusion like
>> Jakub encountered.
>
> The confusion wasn't multiple enabled: it was a change of what was
> enabled (due to ignoring the old config). (My very first suggested
> patch fixed this...)

Someone else might get confused when TOMOYO is automatically enabled even though they did not
specify TOMOYO in lsm= or security= or CONFIG_LSM.

>
>> For a few releases from 5.1 (about one year or so?), since
>> CONFIG_DEFAULT_SECURITY_* will be ignored after CONFIG_LSM is once defined in
>> their kernel configs, I guess that it is better not to enable TOMOYO automatically
>> until most people complete migrating from CONFIG_DEFAULT_SECURITY_* to CONFIG_LSM
>> and get used to using the lsm= kernel command line option rather than the security= kernel
>> command line option.
>
> It sounds like you want TOMOYO to stay an exclusive LSM? Should we
> revert a5e2fe7ede12 ("TOMOYO: Update LSM flags to no longer be
> exclusive") instead? (I'm against this idea, but defer to you. I think
> it should stay stackable since the goal is to entirely remove the
> concept of exclusive LSMs.)

I never want to revert a5e2fe7ede12.
For the transition period, I just don't want to automatically enable TOMOYO when people did not specify TOMOYO.

>
> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
> also initializing TOMOYO, though. It should be a no-op. Is there some
> situation where this is not true?

There should be no problem except that some TOMOYO messages are printed.
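
The situation discussed in this message, an LSM being active although it was not named in lsm=, security= or CONFIG_LSM, can be audited on a booted system. The script below is an added example, not part of the original message or of the kernel tree; the function names and sample values are constructed, and it takes the union of the three sources rather than modelling the kernel's precedence between them.

```shell
#!/bin/sh
# Added example: list LSMs that are active although nobody named them in
# CONFIG_LSM, lsm= or security=. Inputs are strings so it runs offline.
# On a live system (assumes securityfs is mounted and /proc/config.gz exists):
#   active=$(cat /sys/kernel/security/lsm)
#   cmdline=$(cat /proc/cmdline)
#   config=$(zcat /proc/config.gz)

# requested_lsms CONFIG_TEXT CMDLINE -> sorted, space-separated requested names
requested_lsms() {
    out=$(printf '%s\n' "$1" | sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p')
    for arg in $2; do
        case $arg in
            lsm=*|security=*) out="$out,${arg#*=}" ;;
        esac
    done
    # Union of all three sources; kernel precedence is deliberately not modelled.
    printf '%s\n' "$out" | tr ',' '\n' | sed '/^$/d' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# unrequested_lsms ACTIVE CONFIG_TEXT CMDLINE -> active names nobody asked for
unrequested_lsms() {
    req=" $(requested_lsms "$2" "$3") "
    res=""
    for l in $(printf '%s' "$1" | tr ',' ' '); do
        case $l in
            capability) continue ;;   # always enabled, never listed in CONFIG_LSM
        esac
        case $req in
            *" $l "*) ;;              # explicitly requested somewhere
            *) res="$res $l" ;;       # active without being named
        esac
    done
    printf '%s\n' "${res# }"
}

# Constructed sample: a config and command line that never mention tomoyo.
SAMPLE_CONFIG='CONFIG_SECURITY=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,apparmor"'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro security=apparmor'
SAMPLE_ACTIVE='capability,yama,loadpin,safesetid,integrity,tomoyo,apparmor'
echo "active but not requested: $(unrequested_lsms "$SAMPLE_ACTIVE" "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE")"
```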