[PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization

[PATCH security-next v2 00/26] LSM: Explict LSM ordering · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 04/26] LSM: Remove initcall tracing · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 02/26] vmlinux.lds.h: Avoid copy/paste of security_init section · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 07/26] LSM: Convert security_initcall() into DEFINE_LSM() · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 10/26] LSM: Don't ignore initialization failures · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 11/26] LSM: Introduce LSM_FLAG_LEGACY_MAJOR · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 12/26] LSM: Provide separate ordered initialization · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 13/26] LSM: Plumb visibility into optional "enabled" state · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 19/26] LSM: Introduce CONFIG_LSM_ORDER · Kees Cook <hidden> · 2018-09-20
Re: [PATCH security-next v2 19/26] LSM: Introduce CONFIG_LSM_ORDER · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-21
Re: [PATCH security-next v2 19/26] LSM: Introduce CONFIG_LSM_ORDER · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-21
[PATCH security-next v2 20/26] LSM: Introduce "lsm.order=" for boottime ordering · Kees Cook <hidden> · 2018-09-20
Re: [PATCH security-next v2 20/26] LSM: Introduce "lsm.order=" for boottime ordering · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-21
Re: [PATCH security-next v2 20/26] LSM: Introduce "lsm.order=" for boottime ordering · Kees Cook <hidden> · 2018-09-21
[PATCH security-next v2 14/26] LSM: Lift LSM selection out of individual LSMs · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 15/26] LSM: Introduce lsm.enable= and lsm.disable= · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 09/26] LSM: Provide init debugging infrastructure · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 08/26] LSM: Record LSM name in struct lsm_info · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 06/26] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 05/26] LSM: Convert from initcall to struct lsm_info · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 03/26] LSM: Rename .security_initcall section to .lsm_info · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 01/26] LSM: Correctly announce start of LSM initialization · Kees Cook <hidden> · 2018-09-20
Re: [PATCH security-next v2 01/26] LSM: Correctly announce start of LSM initialization · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-20
[PATCH security-next v2 24/26] capability: Mark as LSM_ORDER_FIRST · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 21/26] LoadPin: Initialize as ordered LSM · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 18/26] LSM: Build ordered list of ordered LSMs for init · Kees Cook <hidden> · 2018-09-20
Re: [PATCH security-next v2 18/26] LSM: Build ordered list of ordered LSMs for init · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-21
Re: [PATCH security-next v2 18/26] LSM: Build ordered list of ordered LSMs for init · Kees Cook <hidden> · 2018-09-21
[PATCH security-next v2 17/26] LSM: Refactor "security=" in terms of enable/disable · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 16/26] LSM: Prepare for reorganizing "security=" logic · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 25/26] LSM: Separate idea of "major" LSM from "exclusive" LSM · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · Kees Cook <hidden> · 2018-09-20
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · Kees Cook <hidden> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · John Johansen <john.johansen@canonical.com> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · Kees Cook <hidden> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · John Johansen <john.johansen@canonical.com> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · Kees Cook <hidden> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · John Johansen <john.johansen@canonical.com> · 2018-09-21
Re: [PATCH security-next v2 26/26] LSM: Add all exclusive LSMs to ordered initialization · Casey Schaufler <casey@schaufler-ca.com> · 2018-09-21
[PATCH security-next v2 23/26] LSM: Introduce enum lsm_order · Kees Cook <hidden> · 2018-09-20
[PATCH security-next v2 22/26] Yama: Initialize as ordered LSM · Kees Cook <hidden> · 2018-09-20
Re: [PATCH security-next v2 00/26] LSM: Explict LSM ordering · Martin Steigerwald <hidden> · 2018-09-20
Re: [PATCH security-next v2 00/26] LSM: Explict LSM ordering · Kees Cook <hidden> · 2018-09-20

From: john.johansen@canonical.com (John Johansen)
Date: 2018-09-21 01:39:38
Also in: linux-arch, linux-doc, lkml

On 09/20/2018 06:10 PM, Casey Schaufler wrote:

On 9/20/2018 5:45 PM, Kees Cook wrote:

quoted

On Thu, Sep 20, 2018 at 5:25 PM, Casey Schaufler [off-list ref] wrote:

quoted

On 9/20/2018 9:23 AM, Kees Cook wrote:

quoted

 config LSM_ORDER
      string "Default initialization order of builtin LSMs"
-     default "yama,loadpin,integrity"
+     default "yama,loadpin,integrity,selinux,smack,tomoyo,apparmor"

If I want to compile all the major modules into my kernel and use
AppArmor by default would I use

        default "yama,loadpin,integrity,apparmor,selinux,smack,tomoyo"

or

        default "yama,loadpin,integrity,apparmor"

I was expecting the former, but the latter will have the same result.

t find having the two be equivalent violates expectations. At least
when considering the end goal of full/extreme stacking, its trivially
the same with current major lsms being exclusive

quoted

When we have "blob-sharing" how could I compile in tomoyo,
but exclude it without a boot line option?

Ooh, yes, this series has no way to do that. Perhaps
CONFIG_LSM_DISABLE in the same form as CONFIG_LSM_ORDER? I would
totally remove LoadPin's CONFIG for this in favor it.

I would generally prefer an optional CONFIG_LSM_ENABLE to
CONFIG_LSM_DISABLE, but I understand the logic behind your
approach. I would be looking for something like

+1 on the CONFIG_LSM_ENABLE ove DISABLE

CONFIG LSM_ENABLE
	string "Default set of enabled LSMs"
	default ""

as opposed to

CONFIG LSM_DISABLE
	string "Default set of disabled LSMs"
	default ""

where an empty string is interpreted as "use 'em all" 
in either case.

quoted

When we have full stacking, how could I compile in selinux
but exclude it?

Yup, same problem. Same suggested solution?

Should lsm.enable/disable= also become a comma-separated list, or
should I leave it as a multi-instance thing like I have it?

I prefer the multi-instance
	lsm.disable=selinux lsm.disable=yama
to the list
	lsm.disable=selinux,yama

but at this point I don't really care all that much.

the comma separated list however is consistent with what is being
done for default order

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help