| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Jan 2007 15:40:27 -0600 From: "Serge E. Hallyn" <serue@...ibm.com> To: Mimi Zohar <zohar@...ibm.com> Cc: Daniel Walker <dwalker@...sta.com>, akpm@...l.org, kjhall@...ux.vnet.ibm.com, linux-kernel@...r.kernel.org, Stephen Smalley <sds@...ch.ncsc.mil> Subject: Re: Should be [PATCH -mm] -- Re: [PATCH -rt] panic on SLIM + selinux Quoting Mimi Zohar (zohar@...ibm.com): > Being able to compile both SELinux and SLIM into the kernel was done > intentionally. Intentionally so that you can switch back and forth for testing? > The kernel parameters 'selinux' and 'slim' can enable > or disable the LSM module at boot. Perhaps, for the time being, the > SECURITY_SLIM_BOOTPARAM_VALUE should default to 0. That should solve the problem for most people. People wanting to test with slim will still have to specify 'selinux=0' or get the boot failure. But I suspect that having selinux automatically not load when slim is loaded will be considered too unsafe? Mimi, what about moving slim down below selinux in the Makefile, and having slim refuse to load if security_ops is not an _ops you know about (i.e. dummy_ops or capability_ops)? Then you can leave SECURITY_SLIM_BOOTPARAM_VALUE as 1, and users just have to say 'selinux=0' to boot slim? Just a thought, maybe less intuitive... -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists