| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c32eea69-b822-49fc-a078-1f1b2dea124d@canonical.com> Date: Fri, 4 Oct 2024 21:06:39 -0700 From: John Johansen <john.johansen@...onical.com> To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, Paul Moore <paul@...l-moore.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Jonathan Corbet <corbet@....net>, LKML <linux-kernel@...r.kernel.org>, linux-security-module@...r.kernel.org Subject: Re: [GIT PULL] tomoyo update for v6.12 On 10/3/24 05:59, Tetsuo Handa wrote: > On 2024/10/03 15:16, Tetsuo Handa wrote: >>>> TOMOYO is one of in-tree modules that can be signed together when building >>>> distribution kernels. Fedora can provide tomoyo.ko as a signed-but-unsupported >>>> module (i.e. excluded from main kernel package that is supported by >>>> distributors but provided as a separate package that is not supported by >>>> distributors). >>>> >>> yes it can, it has chosen not to. As I have said before that is >>> a choice/political reason, not technical. I wish I had a solution to this >>> problem for you but I don't. >> >> What does "it" referring to? Fedora has chosen not to build TOMOYO into Fedora's >> vmlinux. But I haven't heard from Fedora that Fedora won't ship tomoyo.ko as a >> separate package. > > Currently, a Linux distributor is an entity that provides kernel program and > userspace program. But as the kernel code signing getting more important, > the role of a Linux distributor regarding the kernel program might change as > below? > > Currently, people expect that "distributor takes care of handling all bugs > that happens with kernel code built by that distributor". Due to bandwidth > problem, distributor needs to disable kernel code which that distributor cannot > take care of bugs. My understanding is that some distributors started providing > separated kernel packages; the kernel package which that distributor can take > care of bugs and the kernel package which that distributor cannot take care of > bugs. The tomoyo.ko change is intended for being included in the latter package > if that distributor cannot include in the former package. > honestly its easier to just build a separate kernel package with tomoyo builtin. Module packages can be done, but they are a pita. > Since distributor needs to sign kernel code, I think this separation is becoming > more inevitable. That is, people might need to change their expectation to that > "distributor takes care of handling bugs that happens with kernel code in the > former package, and somebody takes care of handling bugs that happens with kernel > code in the latter package", and distributor's role is to compile as many kernel > code as possible and sign all compiled kernel code so that the kernel code is > compiled and shipped (and not tampered) by known entities; something like SSL > certificates providers. > Sure. Distribution already tell users they aren't using supported stuff. Ubuntu builds in selinux, tomoyo, smack. We get a bug we tell them it is community supported. That has some overhead, but really not that much more than responding to the bugs where users ask for feature X to be enabled. Or how to build a kernel with feature X, ... Ubuntu made a different decision than fedora around how best to support users. I am not going to argue its right or wrong, just different. Again getting a distro to change a config/stance is a political problem, not technical.
Powered by blists - more mailing lists