Received: by 2002:a05:6358:16cd:b0:dc:6189:e246 with SMTP id r13csp1091744rwl; Fri, 4 Nov 2022 09:39:35 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6ZM10urhFedXhAqIas8AuRMuCbbLX1otkTnXMcONZTLqqHXfjaghqMqszkakfj55WapMBE X-Received: by 2002:a17:902:e891:b0:186:c544:8b1e with SMTP id w17-20020a170902e89100b00186c5448b1emr35796835plg.163.1667579975405; Fri, 04 Nov 2022 09:39:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667579975; cv=none; d=google.com; s=arc-20160816; b=WRbEL8ea/gg269zehDm0T7hhWlf0wZrbHDDuVdUVpwU5Z1evEw8nqgDQH+NHkDMHI5 CGGSfI080YMHTLc8oB8gcej2jd6NDcbS8Zs7SDOY3j7uvs10WBAYkTVMcLYn6730xT5k pD3kOv7XiPK5UQ3u+o4a2MR70WGBMaHCqV+Zn/FQukfESbu3nPeCIkq8QuYod8wMovpT 5rqI5t9G5A5UhvHw786hpR0G3vD2M1InkcQByPZeCXM3ektiooNW5ZObDeVczoOofe25 e6raJhFgbDwoA6D3U4JR6A+E4+Iz9DbpUoSG4x87ttO6iXwLjGMrz760RgYr68vFUSEe dtlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=n3K/PRZRt9xXr6Cwup3zzkXfLFjrkKdvbrdIn+LGHP0=; b=k9kO6bljviwGSSxOLgAIl3QXHrLY0MZY4Mm8A56XZVj28tpXZQg4LF5evU+s92j27B MgaXBd6seqTQbtKLL8uO6pOfH/atDZwZrTr4wOxGRBWMMWP2ogLHT9mXGERfiNC3pkrv jAYt380CePSasMy5Kj2OXys3fpLVGrinzrpWr5QkiZQjGYZb4IDQEHsqyVbPFxLct0Nn rZ+PpvX3YoAfhDfy9j5tmjpAVoROwS9C4h9MwsTl1BMN9W4BqCsOaK50R4iFX0uRWCbp hU1SkJ0d80Dr+elXnykVB11vPacaAqU5H8CYTdQe4qkA3P/wxeAMNIsb7ktlq4fnbZYV p6RQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=Bro8cGD5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i3-20020a6551c3000000b0044ed36e4c57si4880059pgq.217.2022.11.04.09.39.22; Fri, 04 Nov 2022 09:39:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=Bro8cGD5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231918AbiKDQaa (ORCPT + 96 others); Fri, 4 Nov 2022 12:30:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55588 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231923AbiKDQaI (ORCPT ); Fri, 4 Nov 2022 12:30:08 -0400 Received: from smtp-190d.mail.infomaniak.ch (smtp-190d.mail.infomaniak.ch [IPv6:2001:1600:3:17::190d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C45BB4AF3E for ; Fri, 4 Nov 2022 09:29:21 -0700 (PDT) Received: from smtp-2-0000.mail.infomaniak.ch (unknown [10.5.36.107]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4N3mKn3TBSzMqFWB; Fri, 4 Nov 2022 17:29:17 +0100 (CET) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-2-0000.mail.infomaniak.ch (Postfix) with ESMTPA id 4N3mKm2bgYzMppDs; Fri, 4 Nov 2022 17:29:16 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digikod.net; s=20191114; t=1667579357; bh=D1u8OZmN1CbcNNIsyebyzioeBvYjVMKs6mHBS+hV2F0=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=Bro8cGD5XBQVPMabDjoCJ2DO5AVT5FK4AJWdIh3ho6SmxF7TZdlIHjYCPZqI+Di/Q LRTqlCjWUdwoTgqWlHeyw7yLjEXlUonuSkpKbR5GeJ560AzmxA6WAoJa7YywZSMVbw 7UGCiZulg6zPUM51PL04ASZmy8Nft0ZrDjZPksgc= Message-ID: Date: Fri, 4 Nov 2022 17:29:15 +0100 MIME-Version: 1.0 User-Agent: Subject: Re: [PATCH v3 1/1] security: Add CONFIG_LSM_AUTO to handle default LSM stack ordering Content-Language: en-US To: Paul Moore , Kees Cook Cc: Casey Schaufler , Nicolas Iooss , James Morris , "Serge E . Hallyn" , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= References: <20210222150608.808146-1-mic@digikod.net> <20210222150608.808146-2-mic@digikod.net> <51725b44-bc40-0205-8583-285d3b35b5ca@schaufler-ca.com> <7b67163a-9de1-313f-5b5a-8c720cef9b73@schaufler-ca.com> <3b97e25b-303c-d732-3e5d-f1b1a446e090@schaufler-ca.com> <202210171111.21E3983165@keescook> <202210172153.C65BF23D5E@keescook> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 18/10/2022 21:31, Paul Moore wrote: > On Tue, Oct 18, 2022 at 1:55 AM Kees Cook wrote: >> On Mon, Oct 17, 2022 at 09:45:21PM -0400, Paul Moore wrote: [...] >>> We can have defaults, like we do know, but I'm in no hurry to remove >>> the ability to allow admins to change the ordering at boot time. >> >> My concern is with new LSMs vs the build system. A system builder will >> be prompted for a new CONFIG_SECURITY_SHINY, but won't be prompted >> about making changes to CONFIG_LSM to include it. > > I would argue that if an admin/builder doesn't understand what a shiny > new LSM does, they shouldn't be enabling that shiny new LSM. Adding > new, potentially restrictive, controls to your kernel build without a > basic understanding of those controls is a recipe for disaster and I > try to avoid recommending disaster as a planned course of action :) It depends on what this shiny new LSMs do *by default*. In the case of Landlock, it do nothing unless a process does specific system calls (same as for most new kernel features: sysfs entries, syscall flagsā€¦). I guess this is the same for most LSMs.