From: Stephen Smalley <sds@tycho.nsa.gov>
To: Paul Moore <paul@paul-moore.com>
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-next@vger.kernel.org, jamorris@linux.microsoft.com
Subject: Re: [RFC PATCH] security: add an interface to lookup the lockdown reason
Date: Tue, 10 Dec 2019 11:20:44 -0500 [thread overview]
Message-ID: <85a3c4ce-0636-30e7-21bf-dfcd4be5cd9c@tycho.nsa.gov> (raw)
In-Reply-To: <CAHC9VhRjs-pMWD-2ZTcF42eR3ugW7Bn7uYhmp4cQFneOtcqUkg@mail.gmail.com>
On 12/10/19 10:58 AM, Paul Moore wrote:
> On Tue, Dec 10, 2019 at 10:45 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On 12/10/19 10:04 AM, Paul Moore wrote:
>>> On Tue, Dec 10, 2019 at 9:59 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>>> On 12/9/19 9:28 PM, Paul Moore wrote:
>>>>> With CONFIG_AUDIT enabled but CONFIG_SECURITY disabled we run into
>>>>> a problem where the lockdown reason table is missing. This patch
>>>>> attempts to fix this by hiding the table behind a lookup function.
>>>>
>>>> Shouldn't lsm_audit.c be conditional on both CONFIG_AUDIT and
>>>> CONFIG_SECURITY? When/why would we want it built without
>>>> CONFIG_SECURITY enabled?
>>>
>>> My first thought of a fix was just that, but I remembered that the
>>> capabilities code is built regardless of the CONFIG_SECURITY setting
>>> and I thought there might be some value in allowing for lsm_audit to
>>> be used in commoncap (although in full disclosure commoncap doesn't
>>> currently make use of lsm_audit).
>>
>> Seems contrary to normal practice, i.e. if/when commoncap grows a
>> dependency, it can be changed then.
>
> Okay, want to submit a tested patch? I really would like to get this
> fixed before today's linux-next run.
In looking at it, I'm wondering if we could just change the Makefile to
use obj-$(CONFIG_SECURITY) instead of obj-$(CONFIG_AUDIT) for
lsm_audit.c. I think it might build just fine without CONFIG_AUDIT
since audit.h provides static inlines that boil away to nothing for
audit_log*() in that case. Offhand I don't see any support/examples of
specifying two different config options for an obj list in a Makefile.
The other option would be to introduce its own CONFIG_LSM_AUDIT option
and select that option automatically for the modules that use it, which
would currently be selinux, apparmor, and smack. Then if you aren't
using any of those modules you can omit it from your kernel.
next prev parent reply other threads:[~2019-12-10 16:20 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-10 2:28 [RFC PATCH] security: add an interface to lookup the lockdown reason Paul Moore
2019-12-10 5:39 ` James Morris
2019-12-10 14:59 ` Stephen Smalley
2019-12-10 15:04 ` Paul Moore
2019-12-10 15:45 ` Stephen Smalley
2019-12-10 15:58 ` Paul Moore
2019-12-10 16:20 ` Stephen Smalley [this message]
2019-12-10 16:50 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=85a3c4ce-0636-30e7-21bf-dfcd4be5cd9c@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=jamorris@linux.microsoft.com \
--cc=linux-next@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox