On 6/28/26 23:11, Simon Richter wrote:
> Hi,
>
> On 6/29/26 3:54 AM, Eric Biggers wrote:
>
>> We could do that if it's what people want. Just keep in mind that it
>> would be much more complex than the single tristate sysctl. And in
>> practice the number of people who are knowledgeable enough to create
>> these lists is quite small; we've seen similar things with other "Crypto
>> API" configuration knobs that seem to never be touched in practice.
>
> I don't think finer grained control is necessary.
>
> The tristate is the best possible interface for the people running
> precompiled distribution kernels. Ideally, deactivating the restriction
> should also be disallowed in lockdown mode -- and this becomes a lot
> easier to subvert if the list of algorithms is runtime configurable.
>
> I think it is safe to assume that the people using AF_ALG with hardware
> crypto engines are building embedded systems with a custom kernel
> configuration, so the .config is probably the best place for the
> selection of algorithms that should remain available in restricted mode.
>
> Simon

I agree. That said, if the crypto_rng support is to remain, should it
have a non-empty allowlist for privileged processes? Otherwise, it's
dead code with the default sysctl value.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

