Re: [GIT PULL] selinux/selinux-pr-20250323

From: Linus Torvalds
Date: Tue Mar 25 2025 - 19:03:00 EST

Next message: jim . cromie: "Re: [PATCH v2 30/59] dyndbg: drop "protection" of class'd pr_debugs from legacy queries"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2 3/4] arm64: dts: qcom: x1e78100-t14s-oled: add eDP panel"
Next in thread: Paul Moore: "Re: [GIT PULL] selinux/selinux-pr-20250323"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 23 Mar 2025 at 12:39, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> - Add additional SELinux access controls for kernel file reads/loads
>
> The SELinux kernel file read/load access controls were never updated
> beyond the initial kernel module support, this pull request adds
> support for firmware, kexec, policies, and x.509 certificates.

Honestly, is there a *reason* for this, or is this just some misguided
"for completeness" issue?

Because dammit, adding more complexity to the security rules isn't a
feature, and isn't security. It's just theater.

And it adds completely pointless extra cases making the different
cases use artificially different code.

The commit message doesn't actually make any mention of *why* any of
this would be a good idea.

I've pulled this, but honestly, I think all those new cases should be
removed, and if people object to us having "LOADING_MODULE" for other
kinds of reads, then I think the fix should be to just rename it to
"KERNEL_LOAD" or whatever.

Because dammit, this "make security interfaces more complicated just
because" needs to STOP.

We are literally wasting enormous amounts of time in the security
layers - I regularly see the lsm and selinux layers spending *more*
time on security than the actual operation takes because the security
people have written random code without taking performance into
account - and I need to see *reasons* for adding more crap in this
area, not "let's expand" with no actual reason given.

So I really think that commit needs to be either reverted or explained
very clearly why user policy _needs_ to care for the difference
between a module load and a firmware image load.

Because I think any such explanation is likely complete BS. The
difference between loading modules and loading firmware usually would
boil down to "different hardware does things differently". There's no
obvious reason why one should be considered different from another
from a security standpoint.

Linus

Next message: jim . cromie: "Re: [PATCH v2 30/59] dyndbg: drop "protection" of class'd pr_debugs from legacy queries"
Previous message: Dmitry Baryshkov: "Re: [PATCH v2 3/4] arm64: dts: qcom: x1e78100-t14s-oled: add eDP panel"
Next in thread: Paul Moore: "Re: [GIT PULL] selinux/selinux-pr-20250323"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]