Commit 2623c4fb authored by Kees Cook's avatar Kees Cook Committed by James Morris
Browse files

LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig" 



Commit 70b62c25 ("LoadPin: Initialize as ordered LSM") removed
CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from
security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a
default value. That commit expected that existing users (upgrading from
Linux 5.0 and earlier) will edit CONFIG_LSM value in accordance with
their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But
since users might forget to edit CONFIG_LSM value, this patch revives
the choice (only for providing the default value for CONFIG_LSM) in order
to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their
old kernel configs.

Note that since TOMOYO can be fully stacked against the other legacy
major LSMs, when it is selected, it explicitly disables the other LSMs
to avoid them also initializing since TOMOYO does not expect this
currently.

Reported-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
Fixes: 70b62c25 ("LoadPin: Initialize as ordered LSM")
Co-developed-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent 1aa176ef

security/Kconfig

+38 −0
Original line number Diff line number Diff line
@@ -239,8 +239,46 @@ source "security/safesetid/Kconfig" 


source "security/integrity/Kconfig"



choice

	prompt "First legacy 'major LSM' to be initialized"

	default DEFAULT_SECURITY_SELINUX if SECURITY_SELINUX

	default DEFAULT_SECURITY_SMACK if SECURITY_SMACK

	default DEFAULT_SECURITY_TOMOYO if SECURITY_TOMOYO

	default DEFAULT_SECURITY_APPARMOR if SECURITY_APPARMOR

	default DEFAULT_SECURITY_DAC



	help

	  This choice is there only for converting CONFIG_DEFAULT_SECURITY

	  in old kernel configs to CONFIG_LSM in new kernel configs. Don't

	  change this choice unless you are creating a fresh kernel config,

	  for this choice will be ignored after CONFIG_LSM has been set.



	  Selects the legacy "major security module" that will be

	  initialized first. Overridden by non-default CONFIG_LSM.



	config DEFAULT_SECURITY_SELINUX

		bool "SELinux" if SECURITY_SELINUX=y



	config DEFAULT_SECURITY_SMACK

		bool "Simplified Mandatory Access Control" if SECURITY_SMACK=y



	config DEFAULT_SECURITY_TOMOYO

		bool "TOMOYO" if SECURITY_TOMOYO=y



	config DEFAULT_SECURITY_APPARMOR

		bool "AppArmor" if SECURITY_APPARMOR=y



	config DEFAULT_SECURITY_DAC

		bool "Unix Discretionary Access Controls"



endchoice



config LSM

	string "Ordered list of enabled LSMs"

	default "yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor" if DEFAULT_SECURITY_SMACK

	default "yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if DEFAULT_SECURITY_APPARMOR

	default "yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO

	default "yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC

	default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"

	help

	  A comma-separated list of LSMs, in initialization order.

CRA Git | Maintained and supported by SUSTech CRA and CCSE