[PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock

Casey Schaufler casey at schaufler-ca.com
Fri Sep 14 00:08:41 UTC 2018


On 9/13/2018 4:57 PM, Kees Cook wrote:
> On Thu, Sep 13, 2018 at 4:51 PM, Casey Schaufler <casey at schaufler-ca.com> wrote:
>> On 9/13/2018 4:06 PM, Kees Cook wrote:
>>> - what order should any stacking happen? Makefile? security=?
>> Makefile by default.
> Okay, if ordering is by Makefile and everyone dislikes my
> $lsm.enabled=0/1 thing, then these mean the same thing:
>
> security=selinux,tomoyo
> security=tomoyo,selinux
>
> i.e. order of security= is _ignored_ in favor of the Makefile ordering.

No, I think that the two lines above should have a different
execution order. If we really need to specify multiple modules
at boot time that is what makes the most sense.

It's a matter of mechanics and probably another pass during the
init process, but it's doable. If we determine it's necessary for
this stage it is just work.



More information about the Linux-security-module-archive mailing list