On 03/04/14 06:41 PM, Arthur Țițeică wrote:
On Wed 02 Apr 2014, at 18:50:14, Daniel Micay wrote:
Until then, you can use any sane LSM module without recompiling the kernel by building just the module you plan on using and loading it.
I'm no kernel hacker by any means but AFAIK the LSM framework is still there with CONFIG_SECURITY, it's just the modules that are missing.
The LSM support is still there due to Yama. It would be great if support for `ptrace_scope` was simply included in the core kernel. Since the `protected_symlinks` and `protected_hardlinks` switches landed, I think there's a good chance of something like this ending up there too.
In the end the trimming guys gain nothing because the security "bloat" (the LSM framework) is still in the kernel and the security guys lost the modules. Did I get anything wrong?
Yes, you've got it wrong. The kernel logs are no longer being spammed by useless audit crap. As I said in the email you're replying to:
The audit support required by these can't be compiled in without it being enabled. It's useless crap for anyone who isn't working for a bureaucracy and it spams the logs. It is also completely broken with namespaces, so it doesn't work at all with containers or application sandboxes.
I don't think the 'security guys' lost much, considering that none of this worked without userspace support that we do not have. SELinux and Smack require the recompilation of userspace packages, including with patches for SELinux. AppArmor requires kernel patches missing in the mainline kernel to work correctly.