Fwd: [PATCH v4 15/23] LSM: Specify which LSM to display
Casey Schaufler
casey at schaufler-ca.com
Tue Jul 2 01:20:17 UTC 2019
On 7/1/2019 5:49 PM, James Morris wrote:
> On Fri, 28 Jun 2019, Stephen Smalley wrote:
>
>>> Balancing backward compatibility with new behavior is hard!
>>> What would you suggest for audit logs? Should we put all LSM
>>> data in every record? Is NFS a concern for anyone not using
>>> SELinux?
>> Yes to all on audit if stacking is going to be real. And yes, I think
>> other security modules will care about NFS if they are serious.
> Agreed.
>
> There must better way to approach this, somehow...
It not like I haven't proposed a number of mechanisms!
The "display" mechanism has the best backward compatibility
story, at the cost of being awkward/dangerous in the face of
sophisticated user space environments. A combined string
(smack='System",AppArmor='unconfined') sucks at compatibility,
but provides the best information.
Right now I'm looking at a way to prevent internal confusion.
I think that may be possible.
I'll point out that lib<lsm> has the option of verifying
the display before doing scary writes, but that's a lot of
work that no one is looking forward to.
More information about the Linux-security-module-archive
mailing list