[PATCH security-next v4 23/32] selinux: Remove boot parameter

John Johansen john.johansen at canonical.com
Wed Oct 3 13:15:54 UTC 2018


On 10/02/2018 05:12 PM, Kees Cook wrote:
> On Tue, Oct 2, 2018 at 5:05 PM, John Johansen
> <john.johansen at canonical.com> wrote:
>> On 10/02/2018 04:54 PM, Kees Cook wrote:
>>> That's not how I have it currently. It's a comma-separated a string,
>>> including the reserved name "all". The default would just be
>>> "CONFIG_LSM_ENABLE=all". Casey and I wanted this to have a way to
>>> capture new LSMs by default at build-time.
>>>
>>
>> I understand where you are coming from, but speaking with my distro
>> hat on, that is not going to work. As a distro Ubuntu very much wants
>> to be able to offer all the LSMs built in to the kernel so the user
>> can select them. But very much wants to be able to specify a default
>> supported subset that is enabled at boot.
>>
>> I expect RH and Suse will feel similarily. Speaking for Ubuntu if this
>> isn't available as part of lsm stacking it will get distro patched in.
> 
> Right. Ubuntu would do something like:
> 
> CONFIG_LSM_ENABLE=yama,apparmor,integrity
> 
> And that's why I wanted non-explicit lsm.enable, so that an end user
> could just do:
> 
> lsm.enable=loadpin
> 
> to add loadpin.
> 
> Perhaps we could have both? "lsm.enable=+loadpin" (add loadpin to
> build default list) vs "lsm.enable=loadpin" (override build default
> list with ONLY loadpin).
> 

Maybe? I'm not sure what the best option is with all the competing
requirements/desires. I need to think about it more and would like
to see what others think.



More information about the Linux-security-module-archive mailing list