Date: Sat, 1 Mar 2008 13:29:53 -0800 (PST)
From: Casey Schaufler
Reply-To: casey@schaufler-ca.com
Subject: Re: [RFC PATCH -mm] LSM: Add lsm= boot parameter
To: Adrian Bunk, Casey Schaufler
Cc: "Ahmed S. Darwish", Chris Wright, Stephen Smalley, James Morris, Eric Paris, Alexey Dobriyan, LKML, LSM-ML

--- Adrian Bunk wrote:

> On Sat, Mar 01, 2008 at 12:28:43PM -0800, Casey Schaufler wrote:
> >
> > --- "Ahmed S. Darwish" wrote:
> >
> > > Hi everybody,
> > >
> > > This is a first try of adding lsm= boot parameter.
> > >
> > > Current situation is:
> > > 1- Ignore wrong input, with a small warning to users.
> > > 2- If user didn't specify a specific module, none will be loaded
> >
> > I'm not fond of this behavior for the case where only one LSM
> > has been built in. Fedora, for example, ought to boot SELinux
> > without specifying lsm=SELinux, and all the rest should boot
> > whatever they are built with. In the case where a kernel is
> > built with conflicting LSMs (today SELinux and Smack) I see
> > this as a useful way to decide which to use until you get
> > your kernel rebuilt sanely, so it appears to be worth having.
> >...
>
> Remarks:
>
> Your comment would be covered if the default for this boot parameter (if
> not explicitly set through the boot loader) would not be "disabled" but
> set through kconfig (based on the selected LSMs).

Agreed.

> We should really get this resolved for 2.6.25.

Agreed.

> security= suggestion is IMHO more intuitive than lsm=

security is a very overloaded term, but since this is one
of the ways it's already loaded in I could be OK with that.


Casey Schaufler
casey@schaufler-ca.com