[RFC PATCH 2/2] security: Add mechanism to (un)load LSMs after boot time
igor.stoppa at huawei.com
Mon Mar 26 20:17:25 UTC 2018
On 26/03/18 22:24, Sargun Dhillon wrote:
> This patch introduces a mechanism to add mutable hooks at the end of the
> callback chain for each LSM hook. It allows for built-in kernel LSMs
> to be unloaded, as well as modular LSMs to be loaded after boot-time.
> It also does not compromise the security of hooks which are never
> meant to be unloaded.
Looking at this from the perspective of really convincing people to use
other modules, there is a problem, imho.
> * Register with LSM
> - security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
> + security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack",
> + false);
Hardcoding what is (im)mutable will never satisfy everyone.
If, instead, this decision was delegated to the kernel command line, it
would be possible to have any module to become immutable -or not-
depending on the default values and the configuration received at boot.
A distro could ship with its defaults and then any user could
reconfigure it, without having to recompile or install anything, just
editing the command line.
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive