On Thu, Sep 05, 2013 at 06:50:05AM -0400, Josh Boyer wrote: > On Wed, Sep 4, 2013 at 10:07 PM, Vivek Goyal <vgoyal@xxxxxxxxxx> wrote: > > On Wed, Sep 04, 2013 at 09:37:47PM -0400, Josh Boyer wrote: > > > > [..] > >> > +config BINFMT_ELF_SIG > >> > + bool "ELF binary signature verification" > >> > + depends on BINFMT_ELF > >> > + select INTEGRITY > >> > + select INTEGRITY_SIGNATURE > >> > + select INTEGRITY_ASYMMETRIC_KEYS > >> > + select IMA > >> > + select IMA_APPRAISE > >> > + select SYSTEM_TRUSTED_KEYRING > >> > + default n > >> > + ---help--- > >> > + Check ELF binary signature verfication. > >> > >> Please don't do this. Yes, it's technically viable to select all the > >> things you need, but this turns on entire subsystems we don't have > >> enabled. In months when the maintainers have long forgotten about > >> this, we have to go figure out what turned on INTEGRITY and IMA > >> because they aren't explicitly set in the config-* fragments. It's > >> really frustrating. > >> > >> Instead, please make BINFMT_ELF_SIG depend on > >> INTEGRITY_ASYMMETRIC_KEYS and IMA_APPRAISE, then explicitly enable the > >> options you need in config-x86-generic. Lump them together and > >> include a comment at the top about what piece of functionality needs > >> them. > > > > Josh, > > > > I don't think that will make lot of sense. When a user wants to enable > > a feature, I think it is better that anything that feature depends on > > is selected automatically. > > There are very few users that are going to want this feature. Why > would they? It does not matter how many users are going to use it. Thing is, if I run make menuconfig and If I enable elf binary signature verifitcaion, it should automatically select all the dependcies. > The Kconfig help text doesn't say anything at all about > what this is, it doesn't list the limitations present (no shared > libraries, etc), and it doesn't explain that is adds in entire > subsystems. The help text could use additions to cover all that. That more about help text improvement. But that's not an argument to not do it this way. I can improve the help text, that's not a problem. > > > I have had very frustating expriences when I do "make menuconfig" and > > the options I want to enable are not there in menu because they are > > depenedent on something else which is not enabled. > > If you knew about the option before you ran "make menuconfig", then > you clearly saw it in the Kconfig file and should have been able to > read what it depends on. > > > How on the earth a user is supposed to know that BINFMT_ELF_SIG is > > dependent on IMA, IMA_APPRAISE, SYSTEM_TRUSTED_KEYRING > > INTEGRITY_SIGNATURE, INTEGRITY_ASYMMETRIC_KEYS etc. > > Frankly, an end user won't care. This isn't a general purpose signed > binary option. It's limited to statically linked, no interpreted ELF > binaries. Also, this is the Fedora kernel list. We'll enable this > either way and a user gets what we build. I think you are doing it reverse. I am really not a fan of making this feature *depend* on all the obsecure options and leave it an exercise for developer to figure out all dependencies. I find it much more intutive to automatically select dependencies. And if you disable this feature in fedora, I think all the automatically selected dependencies will automatically be deselected? So you don't have to worry either. Thanks Vivek _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
