lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Feb 2008 07:39:36 -0500 From: Stephen Smalley <sds@...ho.nsa.gov> To: James Morris <jmorris@...ei.org> Cc: Alexey Dobriyan <adobriyan@...ru>, linux-kernel@...r.kernel.org, eparis@...isplace.org, casey@...aufler-ca.com Subject: Re: SMACK or SELinux, but not both On Tue, 2008-02-26 at 20:28 +1100, James Morris wrote: > On Tue, 26 Feb 2008, Alexey Dobriyan wrote: > > > If SELinux is registered before SMACK, SMACK panics after > > register_security() call. > > > > If SMACK is registered before SELinux, SELinux panics after > > register_security() call. > > > > Consequently allmodconfig kernel doesn't boot. It would be nice if > > some Kconfig magic to exclude each other will be in place. > > People want to be able to select the security model at boot time, so the > option to build both LSMs is required. > > You can stop SELinux from attempting to register as an LSM via selinux=0, > which should allow you to boot with just Smack enabled. Ideally, one could just boot with security=<module> to select the desired primary security module. security=smack, security=selinux, or security=capability. Having to specify selinux=0 smack=0 foo=0 just to get bar wouldn't be pretty. Not that anyone would want to do that, of course... -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists