Re: [PATCH -v3 -mm] LSM: Add security= boot parameter

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Casey Schaufler <casey@schaufler-ca.com>
To: "Ahmed S. Darwish" <darwish.07@gmail.com>,
	Casey Schaufler <casey@schaufler-ca.com>
Cc: Adrian Bunk <bunk@kernel.org>, Chris Wright <chrisw@sous-sol.org>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <jmorris@namei.org>,
	Eric Paris <eparis@parisplace.org>,
	Alexey Dobriyan <adobriyan@sw.ru>,
	LKML <linux-kernel@vger.kernel.org>,
	LSM-ML <linux-security-module@vger.kernel.org>,
	Anrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH -v3 -mm] LSM: Add security= boot parameter
Date: Sun, 2 Mar 2008 10:37:22 -0800 (PST)	[thread overview]
Message-ID: <548866.30741.qm@web36607.mail.mud.yahoo.com> (raw)
In-Reply-To: <20080302105946.GA6406@ubuntu>


--- "Ahmed S. Darwish" <darwish.07@gmail.com> wrote:

> Hi!,
> 
> [
> Fixed two bugs:
>        - concurrency: incrementing and testing atomic_t in different places.
>        - overflow: not ending string with NULL after using strncpy().
>        - I'll never write a patch when I'm asleep, sorry :(
> 
> Added more verbose messages to SMACK and SELinux if they were not 
> chosen on boot.
> 
> Casey: Failing to take permission to register an LSM does not mean that 
>        the other has registered its security_ops yet. It just means that
>        the other asked for allowance to call register_security(). It's 
>        not yet guraranteed that this registration succeeded.
> 
>        This means that adding "SELinux: failed to load, LSM %s is loaded"
>        may lead to %s = "dummy" in case of a highly concurrent SMP system.
> ]

Personally, I'd be OK with seeing "dummy" on my Altix on occasion. :-)
Perhaps "SELinux: Not registered, %s is reported" would address the
concern. It would be really good to see the value in the 99 44/100%
of the cases where it is available, even if it means admitting that
there are limited circumstances where you might know that someone
got there ahead of you, but not who it was. I don't think it's
worth going to heroic efforts to make sure it's available.


Casey Schaufler
casey@schaufler-ca.com

next prev parent reply	other threads:[~2008-03-02 18:37 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-01 19:07 [RFC PATCH -mm] LSM: Add lsm= " Ahmed S. Darwish
2008-03-01 20:28 ` Casey Schaufler
2008-03-01 21:11   ` Adrian Bunk
2008-03-01 21:29     ` Casey Schaufler
2008-03-01 23:27       ` [PATCH -v2 -mm] LSM: Add security= " Ahmed S. Darwish
2008-03-02  3:41         ` Casey Schaufler
2008-03-02  7:55           ` Ahmed S. Darwish
2008-03-02  7:49         ` Ahmed S. Darwish
2008-03-02 10:59           ` [PATCH -v3 " Ahmed S. Darwish
2008-03-02 18:37             ` Casey Schaufler [this message]
2008-03-03  8:29             ` James Morris
2008-03-03 15:35               ` Ahmed S. Darwish
2008-03-03 15:54                 ` Stephen Smalley
2008-03-03 21:24                   ` [PATCH -v4 " Ahmed S. Darwish
2008-03-03 22:16                     ` James Morris
2008-03-04  3:04                       ` [PATCH -v5 " Ahmed S. Darwish
2008-03-04  4:07                         ` James Morris
2008-03-05 22:29                         ` Andrew Morton
2008-03-05 22:56                           ` Ahmed S. Darwish
2008-03-05 23:06                             ` Ahmed S. Darwish
2008-03-05 22:56                           ` James Morris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=548866.30741.qm@web36607.mail.mud.yahoo.com \
    --to=casey@schaufler-ca.com \
    --cc=adobriyan@sw.ru \
    --cc=akpm@linux-foundation.org \
    --cc=bunk@kernel.org \
    --cc=chrisw@sous-sol.org \
    --cc=darwish.07@gmail.com \
    --cc=eparis@parisplace.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=sds@tycho.nsa.gov \
    --subject='Re: [PATCH -v3 -mm] LSM: Add security= boot parameter' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).