[PATCH] tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support

Paul Moore paul at paul-moore.com
Thu Oct 3 21:12:38 UTC 2024


On Thu, Oct 3, 2024 at 5:08 PM Paul Moore <paul at paul-moore.com> wrote:
>
> This patch reverts two TOMOYO patches that were merged into Linus' tree
> during the v6.12 merge window:
>
> 8b985bbfabbe ("tomoyo: allow building as a loadable LSM module")
> 268225a1de1a ("tomoyo: preparation step for building as a loadable LSM module")
>
> Together these two patches introduced the CONFIG_SECURITY_TOMOYO_LKM
> Kconfig build option which enabled a TOMOYO specific dynamic LSM loading
> mechanism (see the original commits for more details).  Unfortunately,
> this approach was widely rejected by the LSM community as well as some
> members of the general kernel community.  Objections included concerns
> over setting a bad precedent regarding individual LSMs managing their
> LSM callback registrations as well as general kernel symbol exporting
> practices.  With little to no support for the CONFIG_SECURITY_TOMOYO_LKM
> approach outside of Tetsuo, and multiple objections, we need to revert
> these changes.
>
> Link: https://lore.kernel.org/all/0c4b443a-9c72-4800-97e8-a3816b6a9ae2@I-love.SAKURA.ne.jp
> Link: https://lore.kernel.org/all/CAHC9VhR=QjdoHG3wJgHFJkKYBg7vkQH2MpffgVzQ0tAByo_wRg@mail.gmail.com
> Acked-by: John Johansen <john.johansen at canonical.com>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
>  security/tomoyo/Kconfig               |  15 --
>  security/tomoyo/Makefile              |   8 +-
>  security/tomoyo/common.c              |  14 +-
>  security/tomoyo/common.h              |  72 -----
>  security/tomoyo/gc.c                  |   3 -
>  security/tomoyo/init.c                | 366 --------------------------
>  security/tomoyo/load_policy.c         |  12 -
>  security/tomoyo/proxy.c               |  82 ------
>  security/tomoyo/securityfs_if.c       |  10 +-
>  security/tomoyo/{hooks.h => tomoyo.c} | 110 +++++++-
>  security/tomoyo/util.c                |   3 +
>  11 files changed, 118 insertions(+), 577 deletions(-)
>  delete mode 100644 security/tomoyo/init.c
>  delete mode 100644 security/tomoyo/proxy.c
>  rename security/tomoyo/{hooks.h => tomoyo.c} (79%)

As promised, I'm going to wait until Friday (US time) to send this off
to Linus in case there are any additional objections to this revert,
but based on the conversation thus far it appears that support for
reverting CONFIG_SECURITY_TOMOYO_LKM is high.

John, I added your ACK from the earlier thread, if you would like it
removed please let me know.

If anyone else wants to add their ACK, Reviewed-by, etc. please let me
know soon; I'd like to send this up to Linus in time for v6.12-rc2.

-- 
paul-moore.com


