[PATCH] tomoyo: Add a kernel config option for fuzzing testing.

Edwin Zimmerman edwin at 211mainstreet.net
Tue Mar 12 21:56:11 UTC 2019


On March 12, 2019 5:15, Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp> wrote:
> On 2019/03/13 2:19, James Morris wrote:
> > On Mon, 11 Mar 2019, Tetsuo Handa wrote:
> >
> >> On 2019/03/05 12:32, James Morris wrote:
> >>> On Tue, 5 Mar 2019, Tetsuo Handa wrote:
> >>>
> >>>> I guess that the majority of TOMOYO users are now using the upstream version. But
> >>>> pre-LSM version and/or AKARI will remain there until LKM-based LSMs become
> >>>> officially supported.
> >>>
> >>> You mean dynamically loadable LSMs?
> >>
> >> Yes. As long as upstream can't accept all LSM modules, and some people cannot afford
> >> utilizing upstream LSM modules, LKM-based LSMs will be needed by such people.
> >
> > What do you mean cannot afford?
> >
> 
> Some people have to set SELINUX=disabled in /etc/selinux/config or pass security=none from
> the kernel command line.

If you specifically don't want in-kernel LSMs, and you specifically do want an out-of-tree LSM,
there are other options. For example, you could just livepatch the security_* hooks you need,
since you would already be using an LKM-based LSM. That would give you your
out-of-tree module and would also disable SELinux on the hooks that got livepatched.
