Re: mount.nfs: Protocol error after upgrade to linux/master
From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2019-03-17 01:02:36
Also in: linux-nfs, lkml
On 3/16/2019 1:08 AM, Tetsuo Handa wrote:
On 2019/03/16 14:38, Kees Cook wrote:
config LSM string "Ordered list of enabled LSMs" + default "yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor" if DEFAULT_SECURITY_SMACK + default "yama,loadpin,safesetid,integrity,tomoyo,selinux,smack,apparmor" if DEFAULT_SECURITY_TOMOYO + default "yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if DEFAULT_SECURITY_APPARMOR default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" help A comma-separated list of LSMs, in initialization order. (I don't see a way to include an earlier config string in a new default.) Thoughts?Hmm, DEFAULT_SECURITY_TOMOYO no longer works because TOMOYO will be always enabled as long as CONFIG_SECURITY_TOMOYO=y. Maybe config LSM string "Ordered list of enabled LSMs" - default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" + default "yama,loadpin,safesetid,integrity,selinux" if DEFAULT_SECURITY_SELINUX + default "yama,loadpin,safesetid,integrity,smack" if DEFAULT_SECURITY_SMACK + default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO + default "yama,loadpin,safesetid,integrity,apparmor" if DEFAULT_SECURITY_APPARMOR + default "yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC help A comma-separated list of LSMs, in initialization order. (i.e. include only up to one major LSM as default choice, and allow manually including multiple major LSMs at both kernel build time and kernel boot time) is better?
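Review bot: In the first proposal (Kees Cook's), the help text below the three added `default ... if DEFAULT_SECURITY_*` lines still says only "A comma-separated list of LSMs, in initialization order." and does not mention that the default order now depends on the DEFAULT_SECURITY_* selection. Suggest adding a help sentence that says which option moves which LSM ahead of the others in the list. The hunk also has no `if DEFAULT_SECURITY_SELINUX` line, so that case falls through to the final unconditional default. A short comment there would make the fallthrough visibly intentional.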
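Review bot: In the second proposal (Tetsuo Handa's), the only unconditional `default` is removed and every remaining `default` line carries an `if DEFAULT_SECURITY_*` condition, so a configuration in which none of the five symbols is set gets no default for this string. Unless those symbols are guaranteed to be mutually exhaustive, suggest keeping a final unconditional `default "yama,loadpin,safesetid,integrity"` as the fallback. The help text is also unchanged. It should say that the default now includes at most one of selinux, smack, tomoyo and apparmor, and that others have to be listed explicitly.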
I think this looks pretty good.