On Fri, 5 Oct 2018, James Morris wrote:
> On Thu, 4 Oct 2018, Kees Cook wrote:
> > And a user would need to specify ALL lsms on the "lsm=" line?
> >
>
> Yes, the ones they want enabled.
If they're overriding the kconfig value.
--
James Morris
On Thu, Oct 4, 2018 at 10:40 AM, Jordan Glover
wrote:
> Sent with ProtonMail Secure Email.
>
> ‐‐‐ Original Message ‐‐‐
> On Thursday, October 4, 2018 6:18 PM, Kees Cook wrote:
>
>>
>> I don't want to overload "security=", but we can if we want. It would
>> be as above, but a trailing com
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Thursday, October 4, 2018 6:18 PM, Kees Cook wrote:
>
> I don't want to overload "security=", but we can if we want. It would
> be as above, but a trailing comma would be needed to trigger the
> "ordering" behavior. e.g. "sec
On 10/02/2018 05:12 PM, Kees Cook wrote:
> On Tue, Oct 2, 2018 at 5:05 PM, John Johansen
> wrote:
>> On 10/02/2018 04:54 PM, Kees Cook wrote:
>>> That's not how I have it currently. It's a comma-separated a string,
>>> including the reserved name "all". The default would just be
>>> "CONFIG_LSM_EN
On 10/02/2018 01:29 PM, Kees Cook wrote:
> On Tue, Oct 2, 2018 at 12:47 PM, John Johansen
> wrote:
>> On 10/02/2018 12:17 PM, Kees Cook wrote:
>>> I could define CONFIG_LSM_ENABLE as being "additive" to
>>> SECURITY_APPARMOR_BOOTPARAM_VALUE and
>>> SECURITY_SELINUX_BOOTPARAM_VALUE?
>>
>> Oh sure l
On Tue, Oct 2, 2018 at 11:57 AM, John Johansen
wrote:
> Under the current scheme
>
> lsm.enabled=selinux
>
> could actually mean selinux,yama,loadpin,something_else are
> enabled. If we extend this behavior to when full stacking lands
>
> lsm.enabled=selinux,yama
>
> might mean selinux,yama,apparm
6 matches
Mail list logo
