Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: John Johansen <john.johansen@xxxxxxxxxxxxx>
Subject: Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Mon, 1 Oct 2018 16:49:57 -0700
Cc: Paul Moore <paul@xxxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Casey Schaufler <casey@xxxxxxxxxxxxxxxx>, Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>, Stephen Smalley <sds@xxxxxxxxxxxxx>, "Schaufler, Casey" <casey.schaufler@xxxxxxxxx>, LSM <linux-security-module@xxxxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, "open list:DOCUMENTATION" <linux-doc@xxxxxxxxxxxxxxx>, linux-arch <linux-arch@xxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>
In-reply-to: <b2952ffe-545f-931f-e6a2-589be5ac8ac0@canonical.com>
References: <20180925001832.18322-1-keescook@chromium.org> <20180925001832.18322-19-keescook@chromium.org> <68e4e323-3216-7e77-2807-c3207126ae68@canonical.com> <CAGXu5j+jzmFh-iuXDVHQTq7e=mftpfaqS-45TP_UR3B+qtGcLQ@mail.gmail.com> <9b3e1733-7cfa-5047-1422-0f9d92d88d39@canonical.com> <CAGXu5jJheexJgnJ+OWaDoRFraqm9yxj1Vr290tfZ7kELBPUpAw@mail.gmail.com> <b2952ffe-545f-931f-e6a2-589be5ac8ac0@canonical.com>

On Mon, Oct 1, 2018 at 4:44 PM, John Johansen
<john.johansen@xxxxxxxxxxxxx> wrote:
> On 10/01/2018 04:30 PM, Kees Cook wrote:
>> If we keep it, "apparmor=0 lsm_enable=apparmor" would mean it's
>> enabled. Is that okay?
>>
> ugh I would rather get rid of apparmor=0 or to emit a warning with apparmor
> disabled, but if we have to live with it then yes I can live with last
> option wins

Removing it would be much preferred! :)

Assuming Paul is okay with the same results in SELinux, I'll prepare patches...

-Kees

-- 
Kees Cook
Pixel Security

References:
- [PATCH security-next v3 00/29] LSM: Explict LSM ordering
  - From: Kees Cook
- [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
  - From: Kees Cook
- Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
  - From: John Johansen
- Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
  - From: Kees Cook
- Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
  - From: John Johansen
- Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
  - From: Kees Cook
- Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
  - From: John Johansen

Prev by Date: Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
Next by Date: Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
Previous by thread: Re: [PATCH security-next v3 18/29] LSM: Introduce lsm.enable= and lsm.disable=
Next by thread: [PATCH security-next v3 19/29] LSM: Prepare for reorganizing "security=" logic
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]