Re: [PATCH security-next v4 10/32] LSM: Don't ignore initialization failures

From: Kees Cook
Date: Tue Oct 02 2018 - 17:38:15 EST

Next message: Greg KH: "Re: [PATCH 0/2] serial: sh-sci: Fix earlycon on Renesas ARM platforms"
Previous message: Richard Weinberger: "Re: [PATCH net-next v6 19/23] zinc: Curve25519 ARM implementation"
In reply to: James Morris: "Re: [PATCH security-next v4 10/32] LSM: Don't ignore initialization failures"
Next in thread: Kees Cook: "[PATCH security-next v4 05/32] LSM: Convert from initcall to struct lsm_info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 2, 2018 at 2:20 PM, James Morris <jmorris@xxxxxxxxx> wrote:
> On Mon, 1 Oct 2018, Kees Cook wrote:
>
>> LSM initialization failures have traditionally been ignored. We should
>> at least WARN when something goes wrong.
>
> I guess we could have a boot param which specifies what to do if any LSM
> fails to init, as I think some folks will want to stop execution at that
> point.
>
> Thoughts?

I'm not opposed, but I won't author it because Linus will yell at me
about introducing a "machine killing" option.

-Kees

--
Kees Cook
Pixel Security

Next message: Greg KH: "Re: [PATCH 0/2] serial: sh-sci: Fix earlycon on Renesas ARM platforms"
Previous message: Richard Weinberger: "Re: [PATCH net-next v6 19/23] zinc: Curve25519 ARM implementation"
In reply to: James Morris: "Re: [PATCH security-next v4 10/32] LSM: Don't ignore initialization failures"
Next in thread: Kees Cook: "[PATCH security-next v4 05/32] LSM: Convert from initcall to struct lsm_info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]