From patchwork Mon Feb 15 18:15:09 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= X-Patchwork-Id: 12089087 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C713AC43381 for ; Mon, 15 Feb 2021 18:15:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 99CBA64E05 for ; Mon, 15 Feb 2021 18:15:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230117AbhBOSPO (ORCPT ); Mon, 15 Feb 2021 13:15:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45692 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230018AbhBOSPM (ORCPT ); Mon, 15 Feb 2021 13:15:12 -0500 Received: from smtp-42ae.mail.infomaniak.ch (smtp-42ae.mail.infomaniak.ch [IPv6:2001:1600:4:17::42ae]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 008F8C061756 for ; Mon, 15 Feb 2021 10:14:26 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4DfXLS6QcrzMprlZ; Mon, 15 Feb 2021 19:14:24 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4DfXLS42Jfzlh8TC; Mon, 15 Feb 2021 19:14:24 +0100 (CET) From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= To: James Morris , Masahiro Yamada , "Serge E . Hallyn" Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Casey Schaufler , Nicolas Iooss , linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Subject: [PATCH v2 1/3] kconfig: Remove duplicate call to sym_get_string_value() Date: Mon, 15 Feb 2021 19:15:09 +0100 Message-Id: <20210215181511.2840674-2-mic@digikod.net> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210215181511.2840674-1-mic@digikod.net> References: <20210215181511.2840674-1-mic@digikod.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org From: Mickaël Salaün Use the saved returned value of sym_get_string_value() instead of calling it twice. Cc: Masahiro Yamada Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20210215181511.2840674-2-mic@digikod.net --- scripts/kconfig/conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c index db03e2f45de4..18a233d27a8d 100644 --- a/scripts/kconfig/conf.c +++ b/scripts/kconfig/conf.c @@ -137,7 +137,7 @@ static int conf_string(struct menu *menu) printf("%*s%s ", indent - 1, "", menu->prompt->text); printf("(%s) ", sym->name); def = sym_get_string_value(sym); - if (sym_get_string_value(sym)) + if (def) printf("[%s] ", def); if (!conf_askvalue(sym, def)) return 0; From patchwork Mon Feb 15 18:15:10 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= X-Patchwork-Id: 12089091 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3382C433E6 for ; Mon, 15 Feb 2021 18:16:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CD05364DEE for ; Mon, 15 Feb 2021 18:16:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230394AbhBOSQ1 (ORCPT ); Mon, 15 Feb 2021 13:16:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45874 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230450AbhBOSQA (ORCPT ); Mon, 15 Feb 2021 13:16:00 -0500 Received: from smtp-8fac.mail.infomaniak.ch (smtp-8fac.mail.infomaniak.ch [IPv6:2001:1600:4:17::8fac]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9E11C061756 for ; Mon, 15 Feb 2021 10:15:15 -0800 (PST) Received: from smtp-2-0001.mail.infomaniak.ch (unknown [10.5.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4DfXLW0fs0zMpv3m; Mon, 15 Feb 2021 19:14:27 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-2-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4DfXLV340dzlh8TJ; Mon, 15 Feb 2021 19:14:25 +0100 (CET) From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= To: James Morris , Masahiro Yamada , "Serge E . Hallyn" Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Casey Schaufler , Nicolas Iooss , linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Subject: [PATCH v2 2/3] kconfig: Ask user if string needs to be changed when dependency changed Date: Mon, 15 Feb 2021 19:15:10 +0100 Message-Id: <20210215181511.2840674-3-mic@digikod.net> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210215181511.2840674-1-mic@digikod.net> References: <20210215181511.2840674-1-mic@digikod.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org From: Mickaël Salaün Content of string configuration may depend on related kernel configurations. Modify oldconfig and syncconfig to inform users about possible required configuration update and give them the opportunity to update it: * if dependencies of this string has changed (e.g. enabled or disabled), * and if the current value of this string is different than the (new) default one. This is particularly relevant for CONFIG_LSM which contains a list of LSMs enabled at boot, but users will not have a chance to update this list with a make oldconfig. Cc: Casey Schaufler Cc: James Morris Cc: Masahiro Yamada Cc: Serge E. Hallyn Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20210215181511.2840674-3-mic@digikod.net --- scripts/kconfig/conf.c | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c index 18a233d27a8d..8633dacd39a9 100644 --- a/scripts/kconfig/conf.c +++ b/scripts/kconfig/conf.c @@ -82,6 +82,26 @@ static void xfgets(char *str, int size, FILE *in) printf("%s", str); } +static bool may_need_string_update(struct symbol *sym, const char *def) +{ + const struct symbol *dep_sym; + const struct expr *e; + + if (sym->type != S_STRING) + return false; + if (strcmp(def, sym_get_string_default(sym)) == 0) + return false; + /* + * The user may want to synchronize the content of a string related to + * changed dependencies (e.g. CONFIG_LSM). + */ + expr_list_for_each_sym(sym->dir_dep.expr, e, dep_sym) { + if (dep_sym->flags & SYMBOL_CHANGED) + return true; + } + return false; +} + static int conf_askvalue(struct symbol *sym, const char *def) { enum symbol_type type = sym_get_type(sym); @@ -102,7 +122,7 @@ static int conf_askvalue(struct symbol *sym, const char *def) switch (input_mode) { case oldconfig: case syncconfig: - if (sym_has_value(sym)) { + if (sym_has_value(sym) && !may_need_string_update(sym, def)) { printf("%s\n", def); return 0; } @@ -137,8 +157,19 @@ static int conf_string(struct menu *menu) printf("%*s%s ", indent - 1, "", menu->prompt->text); printf("(%s) ", sym->name); def = sym_get_string_value(sym); - if (def) - printf("[%s] ", def); + if (def) { + if (may_need_string_update(sym, def)) { + indent += 2; + printf("\n%*sDefault value is [%s]\n", + indent - 1, "", + sym_get_string_default(sym)); + printf("%*sCurrent value is [%s] ", + indent - 1, "", def); + indent -= 2; + } else { + printf("[%s] ", def); + } + } if (!conf_askvalue(sym, def)) return 0; switch (line[0]) { From patchwork Mon Feb 15 18:15:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= X-Patchwork-Id: 12089089 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01480C4332D for ; Mon, 15 Feb 2021 18:15:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CBED364E05 for ; Mon, 15 Feb 2021 18:15:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230172AbhBOSPR (ORCPT ); Mon, 15 Feb 2021 13:15:17 -0500 Received: from smtp-1908.mail.infomaniak.ch ([185.125.25.8]:55011 "EHLO smtp-1908.mail.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230108AbhBOSPP (ORCPT ); Mon, 15 Feb 2021 13:15:15 -0500 Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4DfXLX2PsSzMpnlP; Mon, 15 Feb 2021 19:14:28 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4DfXLX0Fd6zlh8TC; Mon, 15 Feb 2021 19:14:28 +0100 (CET) From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= To: James Morris , Masahiro Yamada , "Serge E . Hallyn" Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Casey Schaufler , Nicolas Iooss , linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Subject: [PATCH v2 3/3] security: Add LSMs dependencies to CONFIG_LSM Date: Mon, 15 Feb 2021 19:15:11 +0100 Message-Id: <20210215181511.2840674-4-mic@digikod.net> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210215181511.2840674-1-mic@digikod.net> References: <20210215181511.2840674-1-mic@digikod.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org From: Mickaël Salaün Thanks to the previous commit, this gives the opportunity to users, when running make oldconfig, to update the list of enabled LSMs at boot time if an LSM has just been enabled or disabled in the build. Moreover, this list only makes sense if at least one LSM is enabled. Cc: Casey Schaufler Cc: James Morris Cc: Masahiro Yamada Cc: Serge E. Hallyn Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20210215181511.2840674-4-mic@digikod.net --- Changes since v1: * Add CONFIG_SECURITY as a dependency of CONFIG_LSM. This prevent an error when building without any LSMs. --- security/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/Kconfig b/security/Kconfig index 7561f6f99f1d..addcc1c04701 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -277,6 +277,10 @@ endchoice config LSM string "Ordered list of enabled LSMs" + depends on SECURITY || SECURITY_LOCKDOWN_LSM || SECURITY_YAMA || \ + SECURITY_LOADPIN || SECURITY_SAFESETID || INTEGRITY || \ + SECURITY_SELINUX || SECURITY_SMACK || SECURITY_TOMOYO || \ + SECURITY_APPARMOR || BPF_LSM default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO