[PATCH] tomoyo: revert CONFIG_SECURITY_TOMOYO_LKM support

Paul Moore paul at paul-moore.com
Fri Oct 4 15:46:24 UTC 2024


On Thu, Oct 3, 2024 at 5:12 PM Paul Moore <paul at paul-moore.com> wrote:
> On Thu, Oct 3, 2024 at 5:08 PM Paul Moore <paul at paul-moore.com> wrote:
> >
> > This patch reverts two TOMOYO patches that were merged into Linus' tree
> > during the v6.12 merge window:
> >
> > 8b985bbfabbe ("tomoyo: allow building as a loadable LSM module")
> > 268225a1de1a ("tomoyo: preparation step for building as a loadable LSM module")
> >
> > Together these two patches introduced the CONFIG_SECURITY_TOMOYO_LKM
> > Kconfig build option which enabled a TOMOYO specific dynamic LSM loading
> > mechanism (see the original commits for more details).  Unfortunately,
> > this approach was widely rejected by the LSM community as well as some
> > members of the general kernel community.  Objections included concerns
> > over setting a bad precedent regarding individual LSMs managing their
> > LSM callback registrations as well as general kernel symbol exporting
> > practices.  With little to no support for the CONFIG_SECURITY_TOMOYO_LKM
> > approach outside of Tetsuo, and multiple objections, we need to revert
> > these changes.
> >
> > Link: https://lore.kernel.org/all/0c4b443a-9c72-4800-97e8-a3816b6a9ae2@I-love.SAKURA.ne.jp
> > Link: https://lore.kernel.org/all/CAHC9VhR=QjdoHG3wJgHFJkKYBg7vkQH2MpffgVzQ0tAByo_wRg@mail.gmail.com
> > Acked-by: John Johansen <john.johansen at canonical.com>
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > ---
> >  security/tomoyo/Kconfig               |  15 --
> >  security/tomoyo/Makefile              |   8 +-
> >  security/tomoyo/common.c              |  14 +-
> >  security/tomoyo/common.h              |  72 -----
> >  security/tomoyo/gc.c                  |   3 -
> >  security/tomoyo/init.c                | 366 --------------------------
> >  security/tomoyo/load_policy.c         |  12 -
> >  security/tomoyo/proxy.c               |  82 ------
> >  security/tomoyo/securityfs_if.c       |  10 +-
> >  security/tomoyo/{hooks.h => tomoyo.c} | 110 +++++++-
> >  security/tomoyo/util.c                |   3 +
> >  11 files changed, 118 insertions(+), 577 deletions(-)
> >  delete mode 100644 security/tomoyo/init.c
> >  delete mode 100644 security/tomoyo/proxy.c
> >  rename security/tomoyo/{hooks.h => tomoyo.c} (79%)
>
> As promised, I'm going to wait until Friday (US time) to send this off
> to Linus in case there are any additional objections to this revert,
> but based on the conversation thus far it appears that support for
> reverting CONFIG_SECURITY_TOMOYO_LKM is high.
>
> John, I added your ACK from the earlier thread, if you would like it
> removed please let me know.
>
> If anyone else wants to add their ACK, Reviewed-by, etc. please let me
> know soon; I'd like to send this up to Linus in time for v6.12-rc2.

Merged into lsm/stable-6.12, I'll be sending this up to Linus soon.

-- 
paul-moore.com


