Thread (10 messages) 10 messages, 3 authors, 2019-03-23

Re: mount.nfs: Protocol error after upgrade to linux/master

From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Date: 2019-03-23 02:44:35
Also in: linux-nfs, lkml 

On 2019/03/23 7:45, Kees Cook wrote:
It breaks the backward-compat for the "security=" line. If a system is
booted with CONFIG_LSM="minors...,apparmor" and "security=selinux",
neither apparmor nor selinux will be initialized. The logic on
"security=..." depends on the other LSMs being present in the list.
Really? The logic on "security=..." does not depend on LSM_FLAG_LEGACY_MAJOR
LSMs being present in the CONFIG_LSM= list, for ordered_lsm_parse() does

  (Step 1) Enable LSM_ORDER_FIRST module (i.e. capability).

  (Step 2) Disable LSM_FLAG_LEGACY_MAJOR modules which was not specified
           by "security=" parameter when "security=" parameter was specified.

  (Step 3) Enable modules specified by "lsm=" parameter (or CONFIG_LSM= settings
           if "lsm=" parameter was not specified).

  (Step 4) Enable up to one LSM_FLAG_LEGACY_MAJOR module which was specified
           by "security=" parameter when "security=" parameter was specified.

  (Step 5) Disable all unused modules.

and (Step 4) will compensate for lack of that module in (Step 3).
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help