[PATCH v3 1/1] security: Add CONFIG_LSM_AUTO to handle default LSM stack ordering

Mickaël Salaün mic at digikod.net
Fri Nov 4 16:29:15 UTC 2022


On 18/10/2022 21:31, Paul Moore wrote:
> On Tue, Oct 18, 2022 at 1:55 AM Kees Cook <keescook at chromium.org> wrote:
>> On Mon, Oct 17, 2022 at 09:45:21PM -0400, Paul Moore wrote:

[...]

>>> We can have defaults, like we do know, but I'm in no hurry to remove
>>> the ability to allow admins to change the ordering at boot time.
>>
>> My concern is with new LSMs vs the build system. A system builder will
>> be prompted for a new CONFIG_SECURITY_SHINY, but won't be prompted
>> about making changes to CONFIG_LSM to include it.
> 
> I would argue that if an admin/builder doesn't understand what a shiny
> new LSM does, they shouldn't be enabling that shiny new LSM.  Adding
> new, potentially restrictive, controls to your kernel build without a
> basic understanding of those controls is a recipe for disaster and I
> try to avoid recommending disaster as a planned course of action :)

It depends on what this shiny new LSMs do *by default*. In the case of 
Landlock, it do nothing unless a process does specific system calls 
(same as for most new kernel features: sysfs entries, syscall flags…). I 
guess this is the same for most LSMs.



More information about the Linux-security-module-archive mailing list