Re: [PATCH V37 04/29] Enforce module signatures if the kernel is locked down

From: Matthew Garrett
Date: Thu Aug 01 2019 - 16:42:45 EST

Next message: David Miller: "Re: [PATCH net-next 0/5] net: dsa: mv88e6xxx: avoid some redundant VTU operations"
Previous message: Uwe Kleine-König: "Re: [PATCH v2 2/3] serial: sh-sci: Remove check for specific mctrl_gpio_init() return value"
In reply to: Jessica Yu: "Re: [PATCH V37 04/29] Enforce module signatures if the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 1, 2019 at 7:22 AM Jessica Yu <jeyu@xxxxxxxxxx> wrote:
> Apologies if this was addressed in another patch in your series (I've
> only skimmed the first few), but what should happen if the kernel is
> locked down, but CONFIG_MODULE_SIG=n? Or shouldn't CONFIG_SECURITY_LOCKDOWN_LSM
> depend on CONFIG_MODULE_SIG? Otherwise I think we'll end up calling
> the empty !CONFIG_MODULE_SIG module_sig_check() stub even though
> lockdown is enabled.

Hm. Someone could certainly configure their kernel in that way. I'm
not sure that tying CONFIG_SECURITY_LOCKDOWN_LSM to CONFIG_MODULE_SIG
is the right solution, since the new LSM approach means that any other
LSM could also impose the same policy. Perhaps we should just document
this?

Next message: David Miller: "Re: [PATCH net-next 0/5] net: dsa: mv88e6xxx: avoid some redundant VTU operations"
Previous message: Uwe Kleine-König: "Re: [PATCH v2 2/3] serial: sh-sci: Remove check for specific mctrl_gpio_init() return value"
In reply to: Jessica Yu: "Re: [PATCH V37 04/29] Enforce module signatures if the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]