On 2019/03/30 4:36, Kees Cook wrote: > Note that since TOMOYO can be fully stacked against the other legacy > major LSMs, when it is selected, it explicitly disables the other LSMs > to avoid them also initializing since TOMOYO does not expect this > currently.
Excuse me, but isn't this exception confusing, for DEFAULT_SECURITY_TOMOYO and DEFAULT_SECURITY_DAC are "opt-in" whereas DEFAULT_SECURITY_SELINUX and DEFAULT_SECURITY_SMACK and DEFAULT_SECURITY_APPARMOR are "opt-out" ? If SELinux/Smack/AppArmor people think this mixture is fine, I'm fine though... > config LSM > string "Ordered list of enabled LSMs" > + default > "yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor" if > DEFAULT_SECURITY_SMACK > + default > "yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if > DEFAULT_SECURITY_APPARMOR > + default "yama,loadpin,safesetid,integrity,tomoyo" if > DEFAULT_SECURITY_TOMOYO > + default "yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC > default "yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" > help > A comma-separated list of LSMs, in initialization order. >
