FS#42910 : [linux] consider re-enabling TOMOYO / SMACK as they don't depend on AUDIT

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#42910 - [linux] consider re-enabling TOMOYO / SMACK as they don't depend on AUDIT

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Wednesday, 26 November 2014, 12:09 GMT
Last edited by Jan Alexander Steffens (heftig) - Tuesday, 09 April 2019, 21:53 GMT

Task Type	Feature Request
Category	Packages: Core
Status	Closed
Assigned To	Tobias Powalowski (tpowa) Jan Alexander Steffens (heftig)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	21 David Zaragoza (mclaud2000) (2019-02-09) nl6720 (nl6720) (2018-08-24) Jack Lloyd (randombit) (2018-08-10) Michael Schönitzer (Nudin) (2018-05-03) Kazutoshi Noguchi (ngkz) (2017-10-13) trendkiller (trendkiller) (2017-06-30) Krzysztof (Christopher) AS (3ED_0) (2017-06-22) zless (roentgen) (2016-12-28) Deon Spengler (deons) (2016-10-02) Dario Ostuni (dariost) (2016-06-21) Cornelius (dude42) (2016-05-14) Remi Gacogne (rgacogne) (2016-02-04) Levente Polyak (anthraxx) (2016-02-04) Andrey Vihrov (andreyv) (2016-01-14) (webmeister) (2015-07-07) Darrell (0strodamus) (2015-05-24) Simon Perry (pezz) (2015-05-18) Mariusz Libera (mar04) (2015-02-27) Axel B (urmel77) (2015-01-18) Stanislaw Pitucha (viraptor) (2014-11-26) Daniel Micay (thestinger) (2014-11-26)
Private	No

Details

Here's the thread where the decision was made to remove these:

https://lists.archlinux.org/pipermail/arch-dev-public/2014-March/026028.html

SELinux and AppArmor require CONFIG_AUDIT=y, which makes enabling them an intrusive change with an impact on everyone. I agree with keeping those disabled until upstream provides a way to fully disable audit by default.

However, SMACK and TOMOYO don't have the hard dependency on CONFIG_AUDIT=y and are built as entirely optional modules. Enabling these has no impact on people who aren't opting into to using them beyond an insignificant increase in the package size.

The TOMOYO tools were included in the repositories when it was disabled, and I'm interested in moving them back.

I'm not interested in SMACK, but there are packages for it in the AUR and the current lack of interest in them likely has to do with the need to keep recompiling the kernel whenever it updates... I don't see a good reason to make life harder for people who want to use it.

This task depends upon

Closed by Jan Alexander Steffens (heftig)
Tuesday, 09 April 2019, 21:53 GMT
Reason for closing: Implemented
Additional comments about closing: Added in trunk, pending next release.

Comments (6)
Related Tasks (0/0)

Comment by Doug Newgard (Scimmia) - Wednesday, 26 November 2014, 21:35 GMT

This is mostly a duplicate of ~~FS#39852~~ , but I'll let the maintainers make that call.

Comment by Daniel Micay (thestinger) - Wednesday, 26 November 2014, 22:56 GMT

I don't think it's a duplicate. It wasn't clear that these were fully modular from that issue report. The rationale for disabling these features was to get rid of non-optional, invasive features like CONFIG_AUDIT which has a significant performance impact and adds useless nonsense to the kernel logs. SELinux and AppArmor had to go as they have a hard dependency on it but removing these was actually unnecessary. As long as the default security model is left as DAC there's no impact on people who aren't opting in.

Technical decisions should be re-evaluated when new information comes to light. I've verified that TOMOYO works fine without audit support enabled, although it does have the ability to use it for logging enhancements.

Comment by Daniel Micay (thestinger) - Wednesday, 26 November 2014, 22:58 GMT

Arch is enabling the LSM framework to get the very useful ptrace_scope feature from Yama anyway.

Comment by Xan (xan) - Monday, 22 June 2015, 13:18 GMT

Perhaps the same could be done with Apparmor, because it only needs

CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY_APPARMOR=y

So no CONFIG_AUDIT too.

Comment by Daniel Micay (thestinger) - Monday, 22 June 2015, 13:38 GMT

Enabling it will turn on AUDIT:

config SECURITY_APPARMOR
bool "AppArmor support"
depends on SECURITY && NET
select AUDIT
select SECURITY_PATH
select SECURITYFS
select SECURITY_NETWORK
default n
help
This enables the AppArmor security module.
Required userspace tools (if they are not included in your
distribution) and further information may be found at
http://apparmor.wiki.kernel.org

If you are unsure how to answer this question, answer N.

Comment by Abelardo Ricart (aricart) - Tuesday, 09 April 2019, 17:39 GMT

Can this be enabled again? It does not affect other users, but saves those of us who prefer utilizing tomoyo as a MAC mechanism the cost of recompiling.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#42910 - [linux] consider re-enabling TOMOYO / SMACK as they don't depend on AUDIT

Details

Loading...