On 7/1/2019 5:49 PM, James Morris wrote: > On Fri, 28 Jun 2019, Stephen Smalley wrote: > >>> Balancing backward compatibility with new behavior is hard! >>> What would you suggest for audit logs? Should we put all LSM >>> data in every record? Is NFS a concern for anyone not using >>> SELinux? >> Yes to all on audit if stacking is going to be real. And yes, I think >> other security modules will care about NFS if they are serious. > Agreed. > > There must better way to approach this, somehow... It not like I haven't proposed a number of mechanisms! The "display" mechanism has the best backward compatibility story, at the cost of being awkward/dangerous in the face of sophisticated user space environments. A combined string (smack='System",AppArmor='unconfined') sucks at compatibility, but provides the best information. Right now I'm looking at a way to prevent internal confusion. I think that may be possible. I'll point out that lib<lsm> has the option of verifying the display before doing scary writes, but that's a lot of work that no one is looking forward to.
