| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Sep 2018 17:18:20 -0700
From: Kees Cook <keescook@...omium.org>
To: James Morris <jmorris@...ei.org>
Cc: Kees Cook <keescook@...omium.org>,
Casey Schaufler <casey@...aufler-ca.com>,
John Johansen <john.johansen@...onical.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
Paul Moore <paul@...l-moore.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
"Schaufler, Casey" <casey.schaufler@...el.com>,
LSM <linux-security-module@...r.kernel.org>,
Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org,
linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH security-next v3 17/29] LSM: Introduce CONFIG_LSM_ENABLE
To provide a set of default-enabled LSMs at boot, this introduces the
new CONFIG_LSM_ENABLE. A value of "all" means all builtin LSMs are
enabled by default. Any unlisted LSMs will be implicitly disabled
(excepting those with LSM-specific CONFIGs for enabling/disabling).
The behavior of the LSM-specific CONFIGs for SELinux are AppArmor
unchanged: the default-enabled state for those LSMs remains controlled
through their LSM-specific "enable" CONFIGs.
Signed-off-by: Kees Cook <keescook@...omium.org>
---
include/linux/lsm_hooks.h | 2 +-
security/Kconfig | 8 ++++++++
security/security.c | 4 +++-
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 95798f212dbf..ab23f1bc6d77 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2044,7 +2044,7 @@ extern void security_add_hooks(struct security_hook_list *hooks, int count,
struct lsm_info {
const char *name; /* Populated automatically. */
unsigned long flags; /* Optional: flags describing LSM */
- int *enabled; /* Optional: NULL means enabled. */
+ int *enabled; /* Optional: NULL checks CONFIG_LSM_ENABLE */
int (*init)(void);
};
diff --git a/security/Kconfig b/security/Kconfig
index 27d8b2688f75..71306b046270 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -276,5 +276,13 @@ config DEFAULT_SECURITY
default "apparmor" if DEFAULT_SECURITY_APPARMOR
default "" if DEFAULT_SECURITY_DAC
+config LSM_ENABLE
+ string "LSMs to enable at boot time"
+ default "all"
+ help
+ A comma-separate list of LSMs to enable by default at boot. The
+ default is "all", to enable all LSM modules at boot. Any LSMs
+ not listed here will be disabled by default.
+
endmenu
diff --git a/security/security.c b/security/security.c
index a8107d54b3d3..7ecb9879a863 100644
--- a/security/security.c
+++ b/security/security.c
@@ -45,6 +45,8 @@ char *lsm_names;
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
CONFIG_DEFAULT_SECURITY;
+static __initconst const char * const builtin_lsm_enable = CONFIG_LSM_ENABLE;
+
static bool debug __initdata;
#define init_debug(...) \
do { \
@@ -182,7 +184,7 @@ static void __init parse_lsm_enable(const char *str,
static void __init prepare_lsm_enable(void)
{
/* Prepare defaults. */
- parse_lsm_enable("all", default_enabled, true);
+ parse_lsm_enable(builtin_lsm_enable, default_enabled, true);
}
/**
--
2.17.1
Powered by blists - more mailing lists