Subject: Re: Linux 5.1-rc2
To: Randy Dunlap, Tetsuo Handa, Kees Cook
Cc: James Morris, Linus Torvalds, Linux List Kernel Mailing, linux-security-module, Jakub Kicinski
From: Casey Schaufler
Message-ID: <3bca3aa4-ee37-cd1d-448a-c2e8c4aee81a@schaufler-ca.com>
Date: Wed, 27 Mar 2019 16:22:16 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/27/2019 3:55 PM, Randy Dunlap wrote:
> On 3/27/19 3:23 PM, Casey Schaufler wrote:
>> On 3/27/2019 3:05 PM, Tetsuo Handa wrote:
>>> On 2019/03/28 6:43, Kees Cook wrote:
>>>>>> I don't see problems for an exclusive LSM user (AA, SELinux, Smack)
>>>>>> also initializing TOMOYO, though. It should be a no-op. Is there some
>>>>>> situation where this is not true?
>>>>> There should be no problem except some TOMOYO messages are printed.
>>>> Okay, so I should send my latest version of the patch to James? Or do
>>>> you explicitly want TOMOYO removed from all the CONFIG_LSM default
>>>> lines except when selected by CONFIG_DEFAULT_SECURITY_TOMOYO? (I worry
>>>> the latter will lead to less testing of the stacking.)
>>>>
>>> My approach is "opt-in" while your approach is "opt-out". And the problem
>>> here is that people might fail to change CONFIG_LSM from the default value
>>> to what they need. (And Jakub did not change CONFIG_LSM to reflect
>>> CONFIG_DEFAULT_SECURITY_APPARMOR from the old config.) Thus, I suggest
>>> "opt-in" approach; which includes up to only one legacy major LSM and allows
>>> people to change the default value to include multiple legacy major LSMs.
>>>
>>> You can propose your latest version. If SELinux/Smack/AppArmor people
>>> prefer "opt-out" approach, I'm fine with "opt-out" approach.
>> In the long haul we want people to use CONFIG_LSM to set their
>> list of modules. Providing a backward compatible CONFIG_DEFAULT_SECURITY_BLAH
>> makes some sense, but it's important that we encourage a mindset change.
>> Maybe with CONFIG_DEFAULT_SECURITY_LIST with a full list, which uses the
>> value from CONFIG_LSM, and make it the default?
>>
> Hi,
>
> I'm still confused. Does this mindset change include removing support of
> SECURITY_DAC?

No.

> If so, where was this discussed and decided?

linux-security-module@vger.kernel.org on threads related to security module
stacking. It's easy to get the same result with a CONFIG_LSM that includes
none of SELinux, Smack, TOMOYO or AppArmor.

> And if so (again), that feels like enforcing some kind of policy in the kernel.

Again, not so. It's a change from "The not-more-than One Major Module" to
"Whatever set of policies works for you". The NULL set is completely
supported. The current flap is that it's more difficult to express doing
things the old way. Kees and Tetsuo are hashing out how best to support
old .config files in support of automated tools.

> thanks.
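
The mismatch raised in this thread (an old config whose CONFIG_DEFAULT_SECURITY_* choice is not reflected in CONFIG_LSM, or a DAC-only choice alongside a CONFIG_LSM that lists a major module) can be checked mechanically before a kernel is built. The script below is an added example, not code from the thread or the kernel tree; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag a .config whose legacy
# CONFIG_DEFAULT_SECURITY_* choice disagrees with CONFIG_LSM.
MAJORS="selinux smack tomoyo apparmor"

# Legacy choice in lower case ("apparmor", "dac", ...), empty if none is set.
legacy_default() {
    sed -n 's/^CONFIG_DEFAULT_SECURITY_\([A-Z]*\)=y$/\1/p' "$1" |
        head -n 1 | tr 'A-Z' 'a-z'
}

# The CONFIG_LSM list, one module name per line.
lsm_list() {
    sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$1" | tr ',' '\n'
}

# Returns 0 when consistent, 1 on a mismatch, 2 when CONFIG_LSM is absent.
check_lsm_config() {
    cfg=$1
    grep -q '^CONFIG_LSM=' "$cfg" || { echo "no CONFIG_LSM in $cfg"; return 2; }
    legacy=$(legacy_default "$cfg")
    case $legacy in
    "") return 0 ;;
    dac)  # DAC-only: CONFIG_LSM must list none of the major modules
        for m in $MAJORS; do
            if lsm_list "$cfg" | grep -qx "$m"; then
                echo "legacy default is DAC but CONFIG_LSM enables $m"
                return 1
            fi
        done ;;
    *)
        if ! lsm_list "$cfg" | grep -qx "$legacy"; then
            echo "legacy default $legacy is missing from CONFIG_LSM"
            return 1
        fi ;;
    esac
    return 0
}

# Constructed sample: old AppArmor default, CONFIG_LSM left without apparmor.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux"
EOF
check_lsm_config "$sample" || true
rm -f "$sample"
```
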