On 2019/01/30 23:45, Dmitry Vyukov wrote: >> Dmitry, is it possible to update configs for linux-next.git , for >> we want to test a big change in LSM which will go to Linux 5.1 ? >> >> TOMOYO security module (CONFIG_SECURITY_TOMOYO=y) can now coexist with >> SELinux/Smack/AppArmor security modules, and SafeSetID security module >> (CONFIG_SECURITY_SAFESETID=y) was added. Testing with these modules also >> enabled might find something... > > Hi, > > syzbot configs/cmdline args are stored here: > https://github.com/google/syzkaller/tree/master/dashboard/config > > I've tried to update to the latest kernel, the diff is below. > Few questions: > 1. How are modules enabled now? > We pass security=selinux of security=smack on command line. What do we > need to pass now to enable several modules at the same time? Removing security= parameter from kernel boot command line will do it. security/apparmor/lsm.c: .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, security/selinux/hooks.c: .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, security/smack/smack_lsm.c: .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, security/tomoyo/tomoyo.c: .flags = LSM_FLAG_LEGACY_MAJOR, security/security.c: if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && But this means that, if same kernel config/cmdline are used between linux-next.git and linux.git (etc.), syzbot will need to choose from (a) stop sharing kernel cmdline between linux-next.git and linux.git (etc.) or (b) stop sharing kernel config between SELinux, Smack and AppArmor or (c) start testing after the LSM changes went to linux.git as Linux 5.1-rc1 . Is (a) or (b) possible? If this is a too much change, (c) will be OK. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
