Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter

From: Kees Cook
Date: Thu Oct 04 2018 - 13:42:16 EST


On Thu, Oct 4, 2018 at 10:40 AM, Jordan Glover
<Golden_Miller83@xxxxxxxxxxxxx> wrote:
> Sent with ProtonMail Secure Email.
>
> âââââââ Original Message âââââââ
> On Thursday, October 4, 2018 6:18 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
>>
>> I don't want to overload "security=", but we can if we want. It would
>> be as above, but a trailing comma would be needed to trigger the
>> "ordering" behavior. e.g. "security=selinux" would disable all other
>> majors (retaining the current behavior), but "security=selinux," would
>> disable all other LSMs.
>>
>> -Kees
>>
>>
>
> I don't think giving such big impact to trailing comma is good idea :)

That's why I prefer a new lsm= instead of confusing security=. :)

-Kees

--
Kees Cook
Pixel Security