Date: Tue, 14 Feb 2017 07:15:17 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: keescook@...omium.org Cc: casey@...aufler-ca.com, sds@...ho.nsa.gov, jmorris@...ei.org, linux-security-module@...r.kernel.org, kernel-hardening@...ts.openwall.com, paul@...l-moore.com Subject: Re: Re: [RFC PATCH 2/4] security: mark nf ops in SELinux and Smack as __ro_after_init Kees Cook wrote: > On Mon, Feb 13, 2017 at 2:05 PM, Tetsuo Handa > <penguin-kernel@...ove.sakura.ne.jp> wrote: > > Kees Cook wrote: > >> On Mon, Feb 13, 2017 at 1:32 PM, Casey Schaufler <casey@...aufler-ca.com> wrote: > >> > If we changed CONFIG_SECURITY_SELINUX_DISABLE to > >> > CONFIG_SECURITY_DYNAMIC_MODULES and put the __ro_after_init > >> > under !CONFIG_SECURITY_DYNAMIC_MODULES we solve both the > >> > current and potential future issues. > >> > >> Something like... > >> > >> #ifdef CONFIG_SECURITY_DYNAMIC_LSM > >> # define lsm_ro_after_init __ro_after_init > >> # define lsm_const const > >> #else > >> # define lsm_ro_after_init > >> # define lsm_const > >> #endif > >> > >> ? > > > > Fedora/RHEL won't use CONFIG_SECURITY_DYNAMIC_LSM=y whereas > > LKM based LSMs are targeted for such distributions. > > > > I don't worry much about Android, for manufactures who ship their > > products with TOMOYO enabled can rebuild their kernels. But asking > > for rebuild of Fedora/RHEL kernels to end users is too painful. > > I thought the argument was that Fedora WOULD ship that way, since it > needs to have the run-time selinux disabling feature? True only if Fedora/RHEL doesn't separate kernel packages. They can build separate kernel packages for with-/etc/selinux/config environments and without-/etc/selinux/config environments because modules needed for those environments would differ.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.