Subject: Re: Linux 5.1-rc2
From: Tetsuo Handa
To: Kees Cook
Cc: James Morris, Randy Dunlap, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski
Date: Thu, 28 Mar 2019 07:05:14 +0900
References: <2d4f3bfa-22c7-a18c-3902-fe1b6ac401f7@infradead.org> <8811b2e4-28e1-2f01-024b-fb7d0196483f@i-love.sakura.ne.jp> <98289cd2-095a-f0cd-e405-887ecbba0030@i-love.sakura.ne.jp>
List: linux-kernel@vger.kernel.org

On 2019/03/28 6:43, Kees Cook wrote:
>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>> situation where this is not true?
>>
>> There should be no problem except some TOMOYO messages are printed.
>
> Okay, so I should send my latest version of the patch to James? Or do
> you explicitly want TOMOYO removed from all the CONFIG_LSM default
> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
> the latter will lead to less testing of the stacking.)
>

My approach is "opt-in" while your approach is "opt-out". And the problem here is that people might fail to change CONFIG_LSM from the default value to what they need. (And Jakub did not change CONFIG_LSM to reflect CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest the "opt-in" approach, which includes at most one legacy major LSM and allows people to change the default value to include multiple legacy major LSMs.

You can propose your latest version. If SELinux/Smack/AppArmor people prefer the "opt-out" approach, I'm fine with the "opt-out" approach.
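The failure mode described in the message (a carried-over .config that still says CONFIG_DEFAULT_SECURITY_APPARMOR=y while CONFIG_LSM no longer lists apparmor) can be caught before building. The script below is an added example, not code from the thread or from the kernel tree; the function names and the .config fragments are constructed, and the LSM names used in the lists are real minor LSMs chosen only to make the sample realistic.

```shell
#!/bin/sh
# Added example: detect a stale CONFIG_LSM that omits the LSM chosen through the
# legacy CONFIG_DEFAULT_SECURITY_* option. Input is the text of a kernel .config.

# Print the legacy default LSM name (lowercased) from CONFIG_DEFAULT_SECURITY_<NAME>=y.
legacy_default_lsm() {
    printf '%s\n' "$1" | sed -n 's/^CONFIG_DEFAULT_SECURITY_\([A-Z]*\)=y$/\1/p' | tr 'A-Z' 'a-z'
}

# Print the comma-separated CONFIG_LSM value with the surrounding quotes removed.
lsm_list() {
    printf '%s\n' "$1" | sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p'
}

# Return 0 if the legacy default LSM is present in CONFIG_LSM (or the legacy
# default is DAC, which requests no major LSM), 1 if it is missing, and 2 if
# the .config sets no legacy default at all.
check_lsm_config() {
    legacy=$(legacy_default_lsm "$1")
    [ -n "$legacy" ] || return 2
    [ "$legacy" = "dac" ] && return 0
    list=$(lsm_list "$1")
    case ",$list," in
        *",$legacy,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed .config fragments. STALE_CONFIG models an old AppArmor config
# reused with a 5.1 kernel whose CONFIG_LSM default names TOMOYO instead.
STALE_CONFIG='CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_LSM="yama,loadpin,integrity,tomoyo"'

FIXED_CONFIG='CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_LSM="yama,loadpin,integrity,apparmor"'

report() {
    if check_lsm_config "$2"; then
        echo "$1: CONFIG_LSM includes the legacy default ($(legacy_default_lsm "$2"))"
    else
        echo "$1: CONFIG_LSM=\"$(lsm_list "$2")\" does not include $(legacy_default_lsm "$2")"
    fi
}

report "stale" "$STALE_CONFIG"
report "fixed" "$FIXED_CONFIG"
```

On a live system, feed it the output of `zcat /proc/config.gz` or the matching /boot/config-* file, and compare with /sys/kernel/security/lsm to see what actually initialized.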