[PATCH v7 0/6] Safe LSM (un)loading, and immutable hooks

Casey Schaufler casey at schaufler-ca.com
Fri Apr 27 20:45:52 UTC 2018


On 4/27/2018 1:21 PM, Sargun Dhillon wrote:
> On Fri, Apr 27, 2018 at 6:25 AM, Tetsuo Handa
> <penguin-kernel at i-love.sakura.ne.jp> wrote:
>> Sargun Dhillon wrote:
>> ...
>>>> I suggest that either in the short term we:
>>>> 1) Trust people not to load a second major LSM,
>> This is not an option.
>>
> This is exactly what people do today?

The existing code provides no mechanism whereby multiple
"major" modules can be used at the same time. If you added
a "minor" module, and it used security blobs Bad Things(tm)
could happen.

>>>> 2) See below.
>>>>
>>>> What about something as stupid as:
>> I don't think we want to do this.
>>
> We have the limit today of not allowing people to load two major LSMs.
> Why not wait till later to solve this problem, and for now, reject
> when people install two major LSMs? I think we can fix the dynamic
> loading problem _first_ and the multiple major LSM problem _second_.

I think that we're on the verge of having a major merge collision.
I hope to have the multiple major module code seriously reviewed as of
4.18 and start putting real pressure on getting it in for 4.19/4.20.
The advent of the Age of Containers is driving this.
