[arch-general] [arch-dev-public] Trimming down our default kernel configuration

Daniel Micay danielmicay at gmail.com
Thu Apr 3 19:15:03 EDT 2014


On 03/04/14 06:41 PM, Arthur Țițeică wrote:
> On Wed 02 Apr 2014, at 18:50:14, Daniel Micay wrote:
>> Until then, you can use any sane LSM module without recompiling the
>> kernel by building just the module you plan on using and loading it.
> 
> I'm no kernel hacker by any means but AFAIK the LSM framework is still there 
> with CONFIG_SECURITY, it's just the modules that are missing.

The LSM support is still there due to Yama. It would be great if support
for `ptrace_scope` was simply included in the core kernel.

Since the `protected_symlinks` and `protected_hardlinks` switches
landed, I think there's a good chance of something like this ending up
there too.

> In the end the trimming guys gain nothing because the security "bloat" 
> (the LSM framework) is still in the kernel and the security guys lost the 
> modules. Did I get anything wrong?

Yes, you've got it wrong. The kernel logs are no longer being spammed by
useless audit crap. As I said in the email you're replying to:

> The audit support required by these can't be compiled in without it
> being enabled. It's useless crap for anyone who isn't working for a
> bureaucracy and it spams the logs. It is also completely broken with
> namespaces, so it doesn't work at all with containers or application
> sandboxes.

I don't think the 'security guys' lost much, considering that none of
this worked without userspace support that we do not have. SELinux and
Smack require the recompilation of userspace packages, including with
patches for SELinux. AppArmor requires kernel patches missing in the
mainline kernel to work correctly.

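The `ptrace_scope` point above is easy to misread: Yama does not replace the classic uid/dumpable checks on PTRACE_ATTACH, it adds a second gate that an unrelated process of the same uid fails at scope 1 unless the target names that tracer with prctl(PR_SET_PTRACER). The C program below is an added example, not code from this thread, from Daniel Micay or from Arch's kernel package; it assumes a Linux kernel with Yama built in and an unprivileged caller, and its function names (`parse_ptrace_scope`, `attach_expected`, `probe_sibling_attach`) are the example's own.

```c
/* Added example (not from the thread): probe what kernel.yama.ptrace_scope
 * enforces for a sibling tracer, with and without PR_SET_PTRACER opt-in.
 * Assumes Linux + Yama, unprivileged caller.
 * Build: cc -Wall -o ptrace_probe ptrace_probe.c && ./ptrace_probe */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parse the text of /proc/sys/kernel/yama/ptrace_scope ("0".."3", optional
 * trailing newline). Returns -1 for anything else. */
int parse_ptrace_scope(const char *text)
{
    if (text == NULL || text[0] < '0' || text[0] > '3')
        return -1;
    if (text[1] != '\0' && text[1] != '\n')
        return -1;
    return text[0] - '0';
}

/* Live value; -1 when the sysctl file is missing (Yama not built in). */
int read_ptrace_scope(void)
{
    char buf[8] = {0};
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f == NULL)
        return -1;
    if (fgets(buf, sizeof buf, f) == NULL)
        buf[0] = '\0';
    fclose(f);
    return parse_ptrace_scope(buf);
}

/* Expected PTRACE_ATTACH outcome (1 = allowed) for a same-uid tracer without
 * CAP_SYS_PTRACE on a dumpable target. is_ancestor: tracer is an ancestor of
 * the target. opted_in: target called prctl(PR_SET_PTRACER, tracer_pid),
 * which Yama honours only at scope 1. */
int attach_expected(int scope, int is_ancestor, int opted_in)
{
    switch (scope) {
    case 1:  return is_ancestor || opted_in;  /* restricted: descendants only */
    case 2:  return 0;                        /* admin-only attach */
    case 3:  return 0;                        /* no attach at all */
    default: return 1;                        /* scope 0 or no Yama: DAC only */
    }
}

/* Fork a target and an unrelated (sibling, not ancestor) tracer. With opt_in
 * the target names the tracer via PR_SET_PTRACER before the attach attempt.
 * Returns 0 if the attach succeeded, otherwise the tracer's errno. */
int probe_sibling_attach(int opt_in)
{
    int to_target[2], to_tracer[2];
    if (pipe(to_target) != 0 || pipe(to_tracer) != 0)
        return errno;
    pid_t target = fork();
    if (target < 0)
        return errno;
    if (target == 0) {
        pid_t tracer_pid;
        if (read(to_target[0], &tracer_pid, sizeof tracer_pid) != sizeof tracer_pid)
            _exit(1);
        if (opt_in)
            prctl(PR_SET_PTRACER, tracer_pid, 0, 0, 0);
        if (write(to_tracer[1], "g", 1) != 1)    /* tracer may attach now */
            _exit(1);
        pause();
        _exit(0);
    }
    pid_t tracer = fork();
    if (tracer < 0)
        return errno;
    if (tracer == 0) {
        char go;
        if (read(to_tracer[0], &go, 1) != 1)
            _exit(1);
        int err = 0;
        if (ptrace(PTRACE_ATTACH, target, NULL, NULL) == 0) {
            waitpid(target, NULL, 0);              /* consume attach-stop */
            ptrace(PTRACE_DETACH, target, NULL, NULL);
        } else {
            err = errno;
        }
        _exit(err);
    }
    if (write(to_target[1], &tracer, sizeof tracer) != sizeof tracer)
        return errno;
    int status = 0;
    waitpid(tracer, &status, 0);
    kill(target, SIGKILL);
    waitpid(target, NULL, 0);
    close(to_target[0]); close(to_target[1]); close(to_tracer[0]); close(to_tracer[1]);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int scope = read_ptrace_scope();
    printf("kernel.yama.ptrace_scope = %d\n", scope);
    for (int opt_in = 0; opt_in <= 1; opt_in++) {
        int err = probe_sibling_attach(opt_in);
        printf("sibling PTRACE_ATTACH %s PR_SET_PTRACER: %s (Yama predicts %s)\n",
               opt_in ? "with" : "without",
               err == 0 ? "succeeded" : strerror(err),
               attach_expected(scope, 0, opt_in) ? "allowed" : "denied");
    }
    return 0;
}
```

Run it once with `sysctl kernel.yama.ptrace_scope=1` and once with `0`: at scope 1 the first attach fails with EPERM and the opted-in one succeeds, at scope 0 both succeed, and at 2 or 3 the opt-in is ignored. Inside a container whose seccomp profile denies `ptrace` the probe reports EPERM regardless of the sysctl, which is the kind of interaction with sandboxes the message above is complaining about for audit.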