From: Shaz on
---------- Forwarded message ----------
From: Stephen Smalley <sds(a)>
Date: Fri, May 28, 2010 at 1:44 AM
Subject: Re: Default security module feature of 2.6.34
To: Shaz <shazalive(a)>
Cc: selinux <selinux(a)>

On Fri, 2010-05-28 at 01:28 +0500, Shaz wrote:
> On Fri, May 28, 2010 at 12:27 AM, Stephen Smalley <sds(a)> wrote:
> > On Thu, 2010-05-27 at 22:12 +0500, Shaz wrote:
> >> Dear all,
> >>
> >> I saw the default security feature in linux-2.6.34 and wanted to know
> >> what difference does it make to have linux DAC or selinux as the
> >> default security module?
> >
> > It doesn't appear to change anything. Not sure if that was the intent.
> >
> > The purpose of the option was to allow specification of what security
> > module to enable at boot by default when multiple security modules are
> > built into the kernel and no security= parameter was specified on the
> > kernel command line. Mostly useful for distributions who want to ship a
> > single kernel that can support any security module and default to a
> > particular one. So for example you could compile SELinux, Smack, and
> > TOMOYO into your kernel while defaulting to enabling TOMOYO at boot
> > time, letting the user optionally select SELinux or Smack via the
> > security= kernel parameter.
> >
> > I think the DAC setting was just to reflect the fact that if you don't
> > enable anything else, you'll get DAC by default. But to make that
> > option actually select DAC-only at boot (i.e. not enable any of security
> > modules), it would have to set the DEFAULT_SECURITY string to some
> > non-empty string that doesn't match any security module name rather than
> > to the empty string.
> If selinux is chosen at default then what would be the effect? Would
> LSM be invoked before DAC checks? If not then this kernel
> configuration scheme needs to be corrected.

No, it doesn't have anything to do with when the check is applied; it
just affects which security module is enabled by default at boot if
multiple security modules are built into your kernel.
DEFAULT_SECURITY_DAC is likely meant to disable all security modules
(DAC isn't a security module), falling back to only the default DAC
logic. In which case the Kconfig file does need to be fixed.

Stephen Smalley
National Security Agency
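
Added example, not part of the original message and not kernel source: a small user-space C model of the boot-time selection described above, showing why an empty DEFAULT_SECURITY string does not give DAC-only while a non-empty string that matches no module does. Assumptions: the function name `select_lsm`, the built-in list and its initialisation order, the placeholder value "none", and the rule that an empty chosen string is claimed by the first module to initialise (inferred from the message).

```c
#include <stdio.h>
#include <string.h>

#define LSM_NAME_MAX 10   /* constructed limit for this model */

/* Constructed sample: modules built in, in the order they initialise. */
static const char *const BUILTIN[] = { "selinux", "smack", "tomoyo" };
#define BUILTIN_N (sizeof(BUILTIN) / sizeof(BUILTIN[0]))

/*
 * default_lsm : build-time DEFAULT_SECURITY string
 * cmdline_lsm : value of security= on the command line, NULL if absent
 * Returns the name of the module enabled at boot, or "DAC only".
 */
const char *select_lsm(const char *default_lsm, const char *cmdline_lsm,
                       const char *const builtin[], size_t n)
{
    char chosen[LSM_NAME_MAX + 1];
    size_t i;

    /* security= overrides the build-time default when it is present */
    snprintf(chosen, sizeof(chosen), "%s",
             cmdline_lsm ? cmdline_lsm : default_lsm);

    for (i = 0; i < n; i++) {
        /* Assumption: with nothing chosen, the first module claims the slot */
        if (chosen[0] == '\0')
            snprintf(chosen, sizeof(chosen), "%s", builtin[i]);
        if (strcmp(chosen, builtin[i]) == 0)
            return builtin[i];
    }
    return "DAC only";   /* non-empty string that matched no module */
}

int main(void)
{
    printf("default=tomoyo                 -> %s\n",
           select_lsm("tomoyo", NULL, BUILTIN, BUILTIN_N));
    printf("default=tomoyo security=smack  -> %s\n",
           select_lsm("tomoyo", "smack", BUILTIN, BUILTIN_N));
    printf("default=\"\" (DAC option)        -> %s\n",
           select_lsm("", NULL, BUILTIN, BUILTIN_N));
    printf("default=none (hypothetical)    -> %s\n",
           select_lsm("none", NULL, BUILTIN, BUILTIN_N));
    return 0;
}
```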
