[PATCH security-next v4 23/32] selinux: Remove boot parameter
John Johansen
john.johansen at canonical.com
Wed Oct 3 00:05:39 UTC 2018
On 10/02/2018 04:54 PM, Kees Cook wrote:
> On Tue, Oct 2, 2018 at 4:46 PM, John Johansen
> <john.johansen at canonical.com> wrote:
>> On 10/02/2018 04:06 PM, Kees Cook wrote:
>>> I think the current proposal (in the other thread) is likely the
>>> sanest approach:
>>>
>>> - Drop CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE
>>> - Drop CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE
>>> - All enabled LSMs are listed at build-time in CONFIG_LSM_ENABLE
>>
>> Hrrmmm isn't this a Kconfig selectable list, with each built-in LSM
>> available to be enabled by default at boot.
>
> That's not how I have it currently. It's a comma-separated a string,
> including the reserved name "all". The default would just be
> "CONFIG_LSM_ENABLE=all". Casey and I wanted this to have a way to
> capture new LSMs by default at build-time.
>
I understand where you are coming from, but speaking with my distro
hat on, that is not going to work. As a distro Ubuntu very much wants
to be able to offer all the LSMs built in to the kernel so the user
can select them. But very much wants to be able to specify a default
supported subset that is enabled at boot.
I expect RH and Suse will feel similarily. Speaking for Ubuntu if this
isn't available as part of lsm stacking it will get distro patched in.
>>> - Boot time enabling for selinux= and apparmor= remain
>>> - lsm.enable= is explicit: overrides above and omissions are disabled
>> wfm
>
> Okay, this is closer to v3 than v4. Paul or Stephen, how do you feel
> about losing the SELinux bootparam CONFIG? (i.e. CONFIG_LSM_ENABLE
> would be replacing its functionality.)
>
> -Kees
>
More information about the Linux-security-module-archive
mailing list