[RFC PATCH 2/2] security: Add mechanism to (un)load LSMs after boot time

Igor Stoppa igor.stoppa at huawei.com
Mon Mar 26 20:17:25 UTC 2018



On 26/03/18 22:24, Sargun Dhillon wrote:
> This patch introduces a mechanism to add mutable hooks at the end of the
> callback chain for each LSM hook. It allows for built-in kernel LSMs
> to be unloaded, as well as modular LSMs to be loaded after boot-time.
> It also does not compromise the security of hooks which are never
> meant to be unloaded.

Looking at this from the perspective of really convincing people to use
other modules, there is a problem, imho.

[...]

>  	/*
>  	 * Register with LSM
>  	 */
> -	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
> +	security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack",
> +				false);
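Review bot: the new fourth argument to security_add_hooks() is a bare `false`, and nothing at this call site says which way the flag reads; given the commit message says these hooks are never meant to be unloaded, the literal presumably means "not mutable", but a reader has to go to the prototype to confirm that, and getting the polarity wrong here would silently make Smack unloadable. Suggest a named constant or enum for the mutability argument, or a separate entry point such as a security_add_immutable_hooks() wrapper, so the hardcoded policy is visible where it is set.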

Hardcoding what is (im)mutable will never satisfy everyone.
If, instead, this decision was delegated to the kernel command line, it
would be possible to have any module become immutable, or not,
depending on the default values and the configuration received at boot.

A distro could ship with its defaults and then any user could
reconfigure it, without having to recompile or install anything, just
editing the command line.

--
igor
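One way the boot-time override suggested above could look, as an added example that is not part of Igor's reply, Sargun's patch or the kernel's own code: a userspace model of the decision a security_add_hooks() caller would make if it consulted the command line instead of a compile-time literal. The parameter names lsm.immutable= and lsm.mutable=, the function lsm_is_immutable() and the table of shipped defaults are all assumed here, and the command-line strings in main() are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical distro-shipped defaults: which LSMs are immutable unless
 * the boot command line says otherwise. Constructed for this example. */
struct lsm_default {
	const char *name;
	bool immutable;
};

static const struct lsm_default lsm_defaults[] = {
	{ "selinux",  true  },
	{ "smack",    true  },
	{ "apparmor", true  },
	{ "yama",     false },
};

/* Return true if the comma-separated list starting at `list` (ending at
 * the next space or NUL) contains exactly the token `name`. */
static bool list_has(const char *list, const char *name)
{
	size_t n = strlen(name);

	while (*list && *list != ' ') {
		const char *end = list;

		while (*end && *end != ',' && *end != ' ')
			end++;
		if ((size_t)(end - list) == n && strncmp(list, name, n) == 0)
			return true;
		list = (*end == ',') ? end + 1 : end;
	}
	return false;
}

/* Find "key=" as a whole, space-delimited word in cmdline and return a
 * pointer to its value, or NULL if the parameter is absent. */
static const char *cmdline_param(const char *cmdline, const char *key)
{
	size_t klen = strlen(key);
	const char *p = cmdline;

	while ((p = strstr(p, key)) != NULL) {
		bool at_word_start = (p == cmdline || p[-1] == ' ');

		if (at_word_start && p[klen] == '=')
			return p + klen + 1;
		p += klen;
	}
	return NULL;
}

/* Decide whether the LSM `name` must be registered as immutable.
 * Precedence: an explicit lsm.immutable= entry wins (fail closed), then
 * an explicit lsm.mutable= entry, then the shipped default. An LSM that
 * appears nowhere is treated as immutable. */
bool lsm_is_immutable(const char *cmdline, const char *name)
{
	const char *imm = cmdline_param(cmdline, "lsm.immutable");
	const char *mut = cmdline_param(cmdline, "lsm.mutable");
	size_t i;

	if (imm && list_has(imm, name))
		return true;
	if (mut && list_has(mut, name))
		return false;
	for (i = 0; i < sizeof(lsm_defaults) / sizeof(lsm_defaults[0]); i++)
		if (strcmp(lsm_defaults[i].name, name) == 0)
			return lsm_defaults[i].immutable;
	return true;
}

int main(void)
{
	/* Constructed command lines standing in for /proc/cmdline. */
	const char *lines[] = {
		"root=/dev/sda1 quiet",
		"root=/dev/sda1 lsm.mutable=smack,apparmor quiet",
		"root=/dev/sda1 lsm.immutable=yama lsm.mutable=yama",
	};
	const char *mods[] = { "smack", "apparmor", "yama", "tomoyo" };
	size_t i, j;

	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
		printf("cmdline: %s\n", lines[i]);
		for (j = 0; j < sizeof(mods) / sizeof(mods[0]); j++)
			printf("  %-9s -> %s\n", mods[j],
			       lsm_is_immutable(lines[i], mods[j]) ? "immutable" : "mutable");
	}
	return 0;
}
```

The ordering matters: making lsm.immutable= win over lsm.mutable= and treating unknown names as immutable means a typo or a conflicting entry on the command line can only make a module harder to unload, never easier, which is the direction a security default should err in.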
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list