Date: Tue, 2 Oct 2018 13:29:42 -0700
From: Kees Cook <keescook@...omium.org>
To: John Johansen <john.johansen@...onical.com>
Cc: Jordan Glover <Golden_Miller83@...tonmail.ch>,
    Stephen Smalley <sds@...ho.nsa.gov>,
    Paul Moore <paul@...l-moore.com>,
    James Morris <jmorris@...ei.org>,
    Casey Schaufler <casey@...aufler-ca.com>,
    Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
    "Schaufler, Casey" <casey.schaufler@...el.com>,
    linux-security-module <linux-security-module@...r.kernel.org>,
    Jonathan Corbet <corbet@....net>,
    "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
    linux-arch <linux-arch@...r.kernel.org>,
    LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter

On Tue, Oct 2, 2018 at 12:47 PM, John Johansen <john.johansen@...onical.com> wrote:
> On 10/02/2018 12:17 PM, Kees Cook wrote:
>> I could define CONFIG_LSM_ENABLE as being "additive" to
>> SECURITY_APPARMOR_BOOTPARAM_VALUE and
>> SECURITY_SELINUX_BOOTPARAM_VALUE?
>
> Oh sure let's deal with my complaint about too many ways to configure
> this beast by adding yet another config option :P

This is what v3 already does: SEC...BOOTPARAM_VALUE trumps ...LSM_ENABLE.

> seriously though, please no. That just adds another layer of confusion
> even if it is only being foisted on the distro/builder

You've already sent a patch removing SECURITY_APPARMOR_BOOTPARAM_VALUE.
If SELinux is fine to do that too, then I think we'll be sorted out.
I'll just need to make "lsm.enable=" be an explicit list. (Do you have
a problem with "lsm.disable=..." ?)

-Kees

-- 
Kees Cook
Pixel Security