git.baikalelectronics.ru Git - kernel.git/commit

author	Kees Cook <keescook@chromium.org>
	Fri, 29 Mar 2019 19:36:04 +0000 (12:36 -0700)
committer	James Morris <james.morris@microsoft.com>
	Fri, 29 Mar 2019 21:08:49 +0000 (14:08 -0700)
commit	ddfc534446ce7d315b2eb16db2c908eda3cbec27
tree	4b07dfdc695d5d91f860413e9aa5f3c75ce3e777	tree \| snapshot
parent	4265352c1dcdb3b19a8bf945eff01d370ef00de9	commit \| diff

LSM: Revive CONFIG_DEFAULT_SECURITY_* for "make oldconfig"

Commit 765b909f2a7bf37a ("LoadPin: Initialize as ordered LSM") removed
CONFIG_DEFAULT_SECURITY_{SELINUX,SMACK,TOMOYO,APPARMOR,DAC} from
security/Kconfig and changed CONFIG_LSM to provide a fixed ordering as a
default value. That commit expected that existing users (upgrading from
Linux 5.0 and earlier) will edit CONFIG_LSM value in accordance with
their CONFIG_DEFAULT_SECURITY_* choice in their old kernel configs. But
since users might forget to edit CONFIG_LSM value, this patch revives
the choice (only for providing the default value for CONFIG_LSM) in order
to make sure that CONFIG_LSM reflects CONFIG_DEFAULT_SECURITY_* from their
old kernel configs.

Note that since TOMOYO can be fully stacked against the other legacy
major LSMs, when it is selected, it explicitly disables the other LSMs
to avoid them also initializing since TOMOYO does not expect this
currently.

Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Fixes: 765b909f2a7bf37a ("LoadPin: Initialize as ordered LSM")
Co-developed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>