From mboxrd@z Thu Jan 1 00:00:00 1970 From: o@zgur.org (Ozgur Kara) Date: Wed, 30 May 2018 21:13:46 +0300 Subject: Is there mailist about LSM In-Reply-To: <65026.1527703555@turing-police.cc.vt.edu> References: <1527700573.1073529.1390735608.275C3A8D@webmail.messagingengine.com> <56012.1527701120@turing-police.cc.vt.edu> <1527701845.1082359.1390760976.092478F1@webmail.messagingengine.com> <65026.1527703555@turing-police.cc.vt.edu> Message-ID: <1184751527704026@web33g.yandex.ru> To: kernelnewbies@lists.kernelnewbies.org List-Id: kernelnewbies.lists.kernelnewbies.org 30.05.2018, 21:08, "valdis.kletnieks at vt.edu" : > On Wed, 30 May 2018 10:37:25 -0700, you said: > >> ?First, theoretical, I suppose: what were the reasons to effectively disable dynamic loading of LSM ? > > Because that implies the system was up without the LSM loaded - at which point > somebody can have tampered with whatever labelling the LSM uses. So we > insist that the LSM be brought online very early during the boot process, to make > sure that the LSM has a chance to stop any unauthorized relabeling. > >> ?Second, is there a way for two or more LSMs to co-exist? After inspecting >> ?security_module_enable() and register_security(), it doesn't seem possible, >> ?however yama does attempt to load itself? Am I missing something? > > There's some support for one "large" LSM and a "trivial" one like yama. > There's very real and nasty interactions if you try to run (for instance) > SELinux and AppArmor at the same time. The composition of multiple > MAC systems is fraught with danger (go back and look at how long it took > us to get file capabilities to work right...) SElinux and AppArmor are completely disappointing. Really. >