On Thu, Dec 12, 2019 at 11:31 AM Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: > On 2019/12/11 23:08, Ondrej Mosnacek wrote: > > As a nice side effect, this allows marking the hooks (and other stuff) > > __ro_after_init unconditionally. Since SECURITY_WRITABLE_HOOKS no longer > > makes sense, remove it and instead use SECURITY_SELINUX_DISABLE directly > > for turning on the runtime disable functionality, to emphasize that this > > is only used by SELinux and is meant to be removed in the future. > > I don't like unconditionally marking __ro_after_init. I'm currently waiting for > Casey's stacking work to complete. I haven't given up dynamically loadable LSM modules. > > In order to allow loading LSM modules after boot, I have to add lines > 1093-1173, 1190-1195, 1208-1211, 1217-1220 in > https://osdn.net/projects/akari/scm/svn/blobs/head/trunk/akari/lsm-4.12.c . > I suggest grouping __lsm_ro_after_init variables into a special section and > implementing a legal method for temporarily making that section read-write. > Then, architectures with that method will be able to use __ro_after_init marking. I'd say the burden of implementing this would lie on the arms of whoever prepares the patches for dynamic load/unload. However, *if* this patch is going to go anywhere, I could at least keep __lsm_ro_after_init (now as just an alias for __ro_after_init) so its definition can be easily changed later. -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.