linux-mm.kvack.org archive mirror
From: Casey Schaufler <casey@schaufler-ca.com>
To: Igor Stoppa <igor.stoppa@huawei.com>,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
	keescook@chromium.org, mhocko@kernel.org, jmorris@namei.org
Cc: paul@paul-moore.com, sds@tycho.nsa.gov, hch@infradead.org,
	labbott@redhat.com, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	kernel-hardening@lists.openwall.com
Subject: Re: [PATCH 4/5] Make LSM Writable Hooks a command line option
Date: Tue, 6 Jun 2017 08:17:01 -0700
Message-ID: <61106c92-ab4c-4bc3-1cb9-d01b1845f670@schaufler-ca.com>
In-Reply-To: <bff5442e-9ecd-9493-7397-7030ade63e81@huawei.com>

On 6/6/2017 7:51 AM, Igor Stoppa wrote:
> On 06/06/17 17:36, Tetsuo Handa wrote:
>> Igor Stoppa wrote:
>>> For the case at hand, would it work if there was a non-API call that you
>>> could use until the API is properly expanded?
>> Kernel command line switching (i.e. this patch) is fine for my use cases.
>>
>> SELinux folks might want
>>
>> -static int security_debug;
>> +static int security_debug = IS_ENABLED(CONFIG_SECURITY_SELINUX_DISABLE);
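Review bot: the new initializer on `security_debug` ties the default to a build option rather than to whether SELinux is actually disabled at boot, so every kernel built with CONFIG_SECURITY_SELINUX_DISABLE starts with the flag set, including systems whose /etc/selinux/config says enforcing. Consider leaving the default at 0 and requiring the command line option in the SELINUX=disabled case, or at least add a comment on the declaration explaining why the config option changes the default. IS_ENABLED() yields 0 or 1, so `bool` would describe the variable better than `int`.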
> ok, thanks, I will add this
>
>> so that those who are using SELINUX=disabled in /etc/selinux/config won't
>> get oops upon boot by default. If "unlock the pool" were available,
>> SELINUX=enforcing users would be happy. Maybe two modes for rw/ro transition helps.
>>
>>   oneway rw -> ro transition mode: can't be made rw again by calling "unlock the pool" API
>>   twoway rw <-> ro transition mode: can be made rw again by calling "unlock the pool" API
> This was in the first cut of the API, but I was told that it would
> require further rework, to make it ok for upstream, so we agreed to do
> first the lockdown/destroy only part and then the rewrite.
>
> Is there really a valid use case for unloading SE Linux?

It's used today in the Red Hat distros. There is talk of removing it.
You can only unload SELinux before policy is loaded, which is sort of
saying that you have your system misconfigured but can't figure out
how to fix it. You might be able to convince Paul Moore to accelerate
the removal of this feature for this worthy cause.

> Or any other security module.

I suppose that you could argue that if a security module had
been in place for 2 years on a system and had never once denied
anyone access it should be removed. That's a reasonable use case
description, but I doubt you'd encounter it in the real world.
Another possibility is a security module that is used during
container setup and once the system goes into full operation
is no longer needed. Personally, I don't see either of these
cases as compelling. "systemctl restart xyzzyd".
